Arbitrary Write Vulnerability in Microsoft UEFI Firmware
CVE-2025-3052

8.2HIGH

Key Information:

Vendor

Dt Research

Status
BiOSflashshell
DtbiOS
Vendor
CVE Published:
10 June 2025

Badges

📈 Trended📈 Score: 2,120👾 Exploit Exists📰 News Worthy

What is CVE-2025-3052?

CVE-2025-3052 is a critical vulnerability in Microsoft UEFI firmware that affects systems utilizing this technology. UEFI (Unified Extensible Firmware Interface) is a modern firmware interface used to initialize hardware components and load operating systems during the boot process. This vulnerability specifically allows attackers to perform arbitrary writes to memory, which can compromise the integrity of the firmware settings stored in non-volatile random access memory (NVRAM). By exploiting this flaw, an attacker could execute untrusted software on a target system, leading to serious security breaches, including the ability to manipulate firmware configurations, establish persistent backdoors, and potentially gain full control over the device.

Potential impact of CVE-2025-3052

  1. System Compromise: Exploiting this vulnerability could allow malicious actors to gain complete control over affected systems, enabling them to execute arbitrary code with elevated privileges.

  2. Security Bypass: Attackers could modify critical firmware settings, which may lead to bypassing established security protocols and rendering existing defenses ineffective.

  3. Persistence Mechanisms: The ability to write arbitrary data into firmware could allow attackers to implant persistent malware that survives reboots and reinstalls, making it much harder for organizations to detect and remove the threat.

Affected Version(s)

BiosFlashShell 80.02

BiosFlashShell 81.02

Dtbios 70.17

News Articles

favicon imagecyberkendra.com

Researchers Expose Critical Secure Boot Vulnerabilities Affecting Millions of UEFI Systems

Security researchers have uncovered two significant vulnerabilities that can completely bypass Secure Boot protections on UEFI-compatible systems, potentially affecting millions of devices worldwide. These...

6 days ago

favicon imageForbes

Microsoft Windows Secure Boot Bypass Confirmed — Update Now

As news emerges of CVE-2025-3052, a Microsoft Windows Secure Boot bypass vulnerability, users are urged to update their machines ASAP.

3 weeks ago

favicon imageArs Technica

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

The publicly available exploits provide a near-universal way to bypass key protections.

3 weeks ago

References

https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Drive...
https://www.binarly.io/advisories/brly-dva-2025-001

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • Vulnerability published

  • 📰

    First article discovered by CybersecurityNews

  • Vulnerability Reserved

.
CVE-2025-3052 : Arbitrary Write Vulnerability in Microsoft UEFI Firmware