Integer Overflow Vulnerability in EDK2 BIOS by TianoCore
CVE-2025-2295

3.5LOW

Key Information:

Vendor: Tianocore
Status: Edk2
Vendor: CVE Published:; 14 March 2025

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-2295?

The EDK2 BIOS by TianoCore contains a vulnerability that allows an attacker to trigger an integer overflow through network interactions. Successful exploitation could lead to a denial of service, impacting the availability of the system. This vulnerability highlights the importance of securing BIOS interfaces against potential network-based threats.

Affected Version(s)

EDK2 0

News Articles

INCIBE

CVE-2025-2295

Vulnerabilities | INCIBE-CERT | INCIBE

CVE-2025-2295 Publication date: 14/03/2025 EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by...

References

https://github.com/tianocore/edk2/security/advisories/GHS...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 15, 2025
📰
First article discovered by INCIBE
Mar 15, 2025
Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Mar 13, 2025

Tianocore