CVE-2025-4275 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Insyde	CNA	7.8 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vulnerability Media Exposure

[ENGLISH] Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild
Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning (WebDAV) that it said has come under active exploitation in the wild. Of the 67 vulnerabilities, 11 are rated Critical and 56 are rated Important in severity. This includes 26 remote code execution flaws, 17 information disclosure flaws, and 14 privilege escalation
Published: 2025-06-11T13:16:00+05:30
[GERMAN] UEFI-BIOS-Lücken: SecureBoot-Umgehung und Firmware-Austausch möglich
Durch Nutzung unsicherer NVRAM-Variablen ermöglichen viele UEFI-BIOS-Versionen das Umgehen von SecureBoot oder Austausch der Firmware.
Published: 2025-06-11T12:35:00+00:00
[GERMAN] Insyde UEFI Firmware: Mehrere Schwachstellen ermöglichen Codeausführung
Ein lokaler Angreifer kann mehrere Schwachstellen in Insyde UEFI Firmware ausnutzen, um beliebigen Programmcode auszuführen.
Published: 2025-06-10T22:00:00+00:00

References

https://www.insyde.com/security-pledge/sa-2025002/

https://www.kb.cert.org/vuls/id/211341