UEFI Firmware Vulnerability in Clevo Products
CVE-2025-11577

7.6HIGH

Key Information:

Vendor: Clevo
Status: Notebook System Firmware
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-11577?

The UEFI firmware update packages from Clevo, specifically B10717.exe, have been found to contain private signing keys crucial for Boot Guard and Boot Policy Manifest verification. The presence of these keys poses a serious risk by allowing attackers to craft and sign malicious firmware that may be accepted by affected systems. This can lead to a compromise of the early boot process, thereby undermining the overall system integrity and trust.

Affected Version(s)

Notebook System Firmware 1.07.07TRO1

References

https://www.binarly.io/advisories/brly-2025-002

https://www.kb.cert.org/vuls/id/538470

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Oct 10, 2025

CVE-2025-11577 Data

JSON