Privilege Escalation and Code Execution Vulnerability in HP PC System BIOS
CVE-2024-5477

7.3HIGH

Key Information:

Vendor: HP
Status: Certain HP Pc Products
Vendor: CVE Published:; 13 August 2025

What is CVE-2024-5477?

A security vulnerability exists in the System BIOS of several HP PC models, enabling possibilities such as privilege escalation, arbitrary code execution, denial of service, or information disclosure. This vulnerability requires a physical attack using specialized tools to exploit. To mitigate the risks associated with this vulnerability, HP is providing a firmware update aimed at addressing the potential security gaps.

Affected Version(s)

Certain HP PC Products See HP Security Bulletin reference for affected versions.

References

https://support.hp.com/us-en/document/ish_12878449-128784...

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
May 29, 2024