- Description
- A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. An attacker may to execute arbitrary signed UEFI code and bypass Secure Boot.
- Source
- 8338d8cb-57f7-4252-abc0-96fd13e98d21
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 6
- Exploitability score
- 1.1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
''Hydroph0bia (CVE-2025-4275) - a fixed SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O, part 3'' #infosec #pentest #redteam #blueteam https://t.co/Kqz5OyGSR7
@CyberWarship
11 Jan 2026
1713 Impressions
0 Retweets
23 Likes
6 Bookmarks
0 Replies
0 Quotes
Hydrophobia (CVE-2025-4275): Critical UEFI flaw lets attackers bypass #SecureBoot & hijack firmware on devices like Huawei MateBook 14. Learn how a decades-old NVRAM quirk opened the door to early-stage compromise. https://t.co/QYi4PaXEMJ #UEFISecurity #CVE20254275 https:/
@ForesietTFeed
18 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Will be presenting my Hydroph0bia (CVE-2025-4275) research at OFFZONE (https://t.co/XYxy97Zwd7) 2025 on Aug 21st. It will be 1 hr long main track talk about UEFI SecureBoot, the hole Insyde left in the H2O platform for a decade, and the things we all can do to prevent such holes.
@NikolajSchlej
23 Jul 2025
1819 Impressions
5 Retweets
32 Likes
9 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2025-4275: Secure Boot Bypass via Digital Certificate Injection through InsydeH2O's NVRAM Variable https://t.co/JQGsWLYHNt Hello, this is newp1ayer48. Today's daily line is about the CVE-2025-4275, a Secure Boot bypass vulnerability found in the InsydeH2O UEFI
@hackyboiz
25 Jun 2025
2096 Impressions
6 Retweets
19 Likes
4 Bookmarks
0 Replies
0 Quotes
Hydroph0bia (CVE-2025-4275) - a trivial SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O, part 1 https://t.co/Gctot6x3DQ https://t.co/5Kjg1SFxha
@5mukx
21 Jun 2025
2719 Impressions
17 Retweets
70 Likes
34 Bookmarks
1 Reply
0 Quotes
Published the third part of my blog series about Hydroph0bia (CVE-2025-4275) vulnerability, this one is about the fix as Insyde applied it, and my thoughts on improvements for it. https://t.co/vEIkUNH3Ey
@NikolajSchlej
20 Jun 2025
4827 Impressions
27 Retweets
50 Likes
29 Bookmarks
3 Replies
1 Quote
Top 5 Trending CVEs: 1 - CVE-2025-31200 2 - CVE-2023-50428 3 - CVE-2025-33073 4 - CVE-2025-21420 5 - CVE-2025-4275 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
15 Jun 2025
135 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Preliminary analysis shows that Insyde fixed Hydroph0bia (CVE-2025-4275) by forcefully removing the NVRAM vars that lead to exploitation during SecureFlashDxe driver startup, and setting a restrictive variable policy for them, so such vars can't be set from the OS anymore. https:
@NikolajSchlej
14 Jun 2025
4009 Impressions
12 Retweets
50 Likes
21 Bookmarks
1 Reply
0 Quotes
📢 FIRMWARE GÜVENLİK DUYURUSU – Insyde UEFI Secure Boot Zafiyeti (CVE-2025-4275) Insyde Software’in H2O UEFI firmware’inde keşfedilen kritik bir güvenlik açığı, kötü niyetli aktörlerin sistemin Secure Boot mekanizmasını baypas etmesine olanak tanıyor. Zafiye
@GMDestekMerkezi
13 Jun 2025
71 Impressions
2 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2025-0282: Stack-based BoF in Ivanti Connect Secure - https://t.co/gg5z4ap4Go 2. CVE-2025-4123: Grafana Path Traversal - https://t.co/0QxWl8iNVO 3. CVE-2025-4275: SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O - https://t.co/l6ppF6bgYS
@ksg93rd
11 Jun 2025
276 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Hydroph0bia (CVE-2025-4275) PoC - DXE volume takeover on HUAWEI MateBook 14 2023, flashing a patched BIOS with custom boot logo. No user interaction outside of the OS required, SecureBoot and firmware password remain enabled. https://t.co/DYLj3oCb9O, https://t.co/nkk0WkIzFt h
@NikolajSchlej
11 Jun 2025
4562 Impressions
15 Retweets
54 Likes
19 Bookmarks
0 Replies
1 Quote
Lenovo estimates their fixes to Hidroph0bia (CVE-2025-4275) to be available no earlier than 2025-07-30 for all affected models that aren't EOL: https://t.co/hk0HlRgKVR
@NikolajSchlej
11 Jun 2025
360 Impressions
1 Retweet
10 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-4275 Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched. https://t.co/4AmbcsgPPa
@CVEnew
11 Jun 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
How to check if your FW is vulnerable to Hydroph0bia (CVE-2025-4275): obtain a BIOS dump or a BIOS update for your PC, open it in UEFITool NE, open Search window on Text tab (Ctrl+F), search for Unicode text "SecureFlashCertData". If nothing had been found, our FW is fine.
@NikolajSchlej
10 Jun 2025
1890 Impressions
12 Retweets
27 Likes
13 Bookmarks
1 Reply
0 Quotes
The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: https://t.co/DYLj3oBDkg
@NikolajSchlej
10 Jun 2025
12144 Impressions
75 Retweets
156 Likes
60 Bookmarks
2 Replies
2 Quotes