CVE-2025-3052
Microsoft UEFI Firmware Arbitrary Write Vulnerability
Description
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
INFO
Published Date :
June 10, 2025, 8:15 p.m.
Last Modified :
June 12, 2025, 4:06 p.m.
Source :
[email protected]
Remotely Exploitable :
No
Impact Score :
6.0
Exploitability Score :
1.5
Affected Products
The following products are affected by CVE-2025-3052
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-3052.
| URL | Resource |
|---|---|
| https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html | |
| https://www.binarly.io/advisories/brly-dva-2025-001 | |
| https://www.kb.cert.org/vuls/id/806555 |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-3052 vulnerability anywhere in the article.
-
Cyber Security News
New Secure Boot Bypass Vulnerability Let Attackers Install Malware in PCs and Servers Boot Process
A critical vulnerability has emerged that threatens the fundamental security of modern computing systems, allowing attackers to bypass Secure Boot protections and install malware directly into the boo ... Read more
-
Help Net Security
Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)
For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users are urged to update quickl ... Read more
-
The Hacker News
Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild
Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning (WEBDAV) that it said has come under active exploitation in the wild. Of ... Read more
-
Daily CyberSecurity
Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware
A newly disclosed vulnerability in Insyde H2O UEFI firmware, tracked as CVE-2025-4275, allows attackers to bypass Secure Boot protections by injecting rogue digital certificates into a poorly protecte ... Read more
-
Daily CyberSecurity
UEFI Secure Boot Bypass: Critical Flaw (CVE-2025-3052) Exposes Millions of Devices!
A new high-severity vulnerability discovered by BINARLY REsearch has reignited concerns about the integrity of the UEFI Secure Boot mechanism, a foundational security feature in modern computing. Trac ... Read more
-
Daily CyberSecurity
Stealth Falcon Exploits New Zero-Day (CVE-2025-33053) in Sophisticated Cyberespionage Campaign
A new cyberespionage campaign attributed to the notorious APT group Stealth Falcon has been uncovered by Check Point Research (CPR), highlighting the weaponization of a zero-day vulnerability (CVE-202 ... Read more
-
Ars Technica
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.
A skeleton key for hackers The publicly available exploits provide a near-universal way to bypass key protections. Researchers have unearthed two publicly available exploits that completely evade prot ... Read more
The following table lists the changes that have been made to the
CVE-2025-3052 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Jun. 10, 2025
Action Type Old Value New Value Added Reference https://www.kb.cert.org/vuls/id/806555 -
New CVE Received by [email protected]
Jun. 10, 2025
Action Type Old Value New Value Added Description An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise. Added Reference https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html Added Reference https://www.binarly.io/advisories/brly-dva-2025-001 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 10, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-3052 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-3052
weaknesses.