BIOS Vulnerability in EDK2 by Tianocore Impacting Security Mechanisms
CVE-2025-3770

7HIGH

Key Information:

Vendor: Tianocore
Status: Edk2
Vendor: CVE Published:; 7 August 2025

What is CVE-2025-3770?

Tianocore's EDK2 contains a critical vulnerability in its BIOS implementation, which could allow an attacker with local access to exploit 'Protection Mechanism Failure'. This could facilitate arbitrary code execution, compromising key security tenets such as confidentiality, integrity, and availability of the system.

Affected Version(s)

EDK2 0

References

https://github.com/tianocore/edk2/security/advisories/GHS...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2025
Vulnerability Reserved
Apr 17, 2025

Credit

Christopher Domas