AI description
CVE-2025-4275 is a vulnerability in Insyde H2O UEFI firmware that allows attackers to bypass Secure Boot protections. This is achieved by injecting rogue digital certificates into a poorly protected NVRAM variable named SecureFlashCertData. The firmware then mistakenly trusts the attacker's certificate, which allows the execution of malicious UEFI modules. Attackers with administrative OS-level access can write their own certificate to the SecureFlashCertData variable. During the next boot cycle, this injected certificate is used by the firmware to verify and execute unsigned or tampered UEFI code during early boot. This enables attackers to load pre-boot malware, rootkits, or firmware-level persistence mechanisms before the OS and its security tools initialize.
- Description
- Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.
- Source
- 8338d8cb-57f7-4252-abc0-96fd13e98d21
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 6
- Exploitability score
- 1.1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
12
Top 5 Trending CVEs: 1 - CVE-2025-31200 2 - CVE-2023-50428 3 - CVE-2025-33073 4 - CVE-2025-21420 5 - CVE-2025-4275 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
15 Jun 2025
135 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Preliminary analysis shows that Insyde fixed Hydroph0bia (CVE-2025-4275) by forcefully removing the NVRAM vars that lead to exploitation during SecureFlashDxe driver startup, and setting a restrictive variable policy for them, so such vars can't be set from the OS anymore. https:
@NikolajSchlej
14 Jun 2025
4009 Impressions
12 Retweets
50 Likes
21 Bookmarks
1 Reply
0 Quotes
📢 FIRMWARE GÜVENLİK DUYURUSU – Insyde UEFI Secure Boot Zafiyeti (CVE-2025-4275) Insyde Software’in H2O UEFI firmware’inde keşfedilen kritik bir güvenlik açığı, kötü niyetli aktörlerin sistemin Secure Boot mekanizmasını baypas etmesine olanak tanıyor. Zafiye
@GMDestekMerkezi
13 Jun 2025
71 Impressions
2 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2025-0282: Stack-based BoF in Ivanti Connect Secure - https://t.co/gg5z4ap4Go 2. CVE-2025-4123: Grafana Path Traversal - https://t.co/0QxWl8iNVO 3. CVE-2025-4275: SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O - https://t.co/l6ppF6bgYS
@ksg93rd
11 Jun 2025
276 Impressions
0 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
Hydroph0bia (CVE-2025-4275) PoC - DXE volume takeover on HUAWEI MateBook 14 2023, flashing a patched BIOS with custom boot logo. No user interaction outside of the OS required, SecureBoot and firmware password remain enabled. https://t.co/DYLj3oCb9O, https://t.co/nkk0WkIzFt h
@NikolajSchlej
11 Jun 2025
4562 Impressions
15 Retweets
54 Likes
19 Bookmarks
0 Replies
1 Quote
Lenovo estimates their fixes to Hidroph0bia (CVE-2025-4275) to be available no earlier than 2025-07-30 for all affected models that aren't EOL: https://t.co/hk0HlRgKVR
@NikolajSchlej
11 Jun 2025
360 Impressions
1 Retweet
10 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-4275 Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched. https://t.co/4AmbcsgPPa
@CVEnew
11 Jun 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
How to check if your FW is vulnerable to Hydroph0bia (CVE-2025-4275): obtain a BIOS dump or a BIOS update for your PC, open it in UEFITool NE, open Search window on Text tab (Ctrl+F), search for Unicode text "SecureFlashCertData". If nothing had been found, our FW is fine.
@NikolajSchlej
10 Jun 2025
1890 Impressions
12 Retweets
27 Likes
13 Bookmarks
1 Reply
0 Quotes
The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: https://t.co/DYLj3oBDkg
@NikolajSchlej
10 Jun 2025
12144 Impressions
75 Retweets
156 Likes
60 Bookmarks
2 Replies
2 Quotes