UEFI Firmware Vulnerability in Clevo Products
CVE-2025-11577

7.6HIGH

Key Information:

Vendor: Clevo
Status: Notebook System Firmware
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-11577?

The UEFI firmware update packages from Clevo, specifically B10717.exe, have been found to contain private signing keys crucial for Boot Guard and Boot Policy Manifest verification. The presence of these keys poses a serious risk by allowing attackers to craft and sign malicious firmware that may be accepted by affected systems. This can lead to a compromise of the early boot process, thereby undermining the overall system integrity and trust.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Notebook System Firmware 1.07.07TRO1

References

https://www.binarly.io/advisories/brly-2025-002

https://www.kb.cert.org/vuls/id/538470

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Oct 10, 2025

JSON

Clevo

What is CVE-2025-11577?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.