CVE-2025-3770

EUVD-2025-23901
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
edk2-aarch64
Amazon Linux 2
0:20240813-302.amzn2
fixed
edk2-debuginfo
Amazon Linux 2
0:20240813-302.amzn2
fixed
edk2-ovmf
Amazon Linux 2
0:20240813-302.amzn2
fixed
edk2-tools
Amazon Linux 2
0:20240813-302.amzn2
fixed
edk2-tools-doc
Amazon Linux 2
0:20240813-302.amzn2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
edk2
Azure Linux 3.0
0:20240524git3e722403cd16-9.azl3
fixed
CBL-Mariner 2.0
0:20230301gitf80f052277c8-43.cm2
fixed
hvloader
CBL-Mariner 2.0
0:1.0.1-14.cm2
fixed