CVE-2025-47827
Published Jun 5, 2025
Last updated 6 months ago
- Description
- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- igel_os, windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 4.6
- Impact score
- 3.6
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- IGEL OS Use of a Key Past its Expiration Date Vulnerability
- Exploit added on
- Oct 14, 2025
- Exploit action due
- Nov 4, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-347
- Hype score
- Not currently trending
【VAIO BIOSアップデート情報】 VAIO S11 / S13 / A12 向け 最新BIOSアップデートが 2026年1月22日 公開されました。 ✔ システム安定性の向上 ✔ セキュリティ脆弱性(CVE-2025-47827)対応 対象機種をお使いの方は 早め
@sshopnakamura
23 Jan 2026
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【重要】 VAIO Z/S15向けBIOSアップデート公開(1/20) セキュアブート脆弱性 「CVE-2025-47827」に対応。 業務利用・長期使用の方は早めの更新をおすすめします 詳細はブログにて https://t.co/pwu1oT5oQO https://t.co/TiSgpv
@sshopnakamura
21 Jan 2026
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【重要】 VAIO VJSシリーズ向けBIOSアップデート公開(2026/1/15) ✔ セキュアブート脆弱性対応 ✔ CVE-2025-47827 ✔ 法人・業務利用は特に要確認 VJS124/125/126/134/144/145/146 対象 詳細はブログにて https://t.co/ujhuuSgFL8 htt
@sshopnakamura
16 Jan 2026
131 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆: 𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝟮𝟬𝟮𝟱 𝗛𝗶𝗴𝗵𝗹𝗶𝗴𝗵𝘁𝘀 𝗬𝗼𝘂 𝗦𝗵𝗼𝘂𝗹𝗱𝗻’𝘁 𝗠𝗶𝘀𝘀 ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-day
@Action1corp
17 Oct 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Cyber Threat Digest – 2025-10-15 KEV: CVE-2025-47827 — IGEL OS Use of NVD: CVE-2025-22831 — APTIOV contains a vulnerability News: F5 says hackers stole undisclosed BIG-IP… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
15 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄: ▪️ Microsoft has addressed 173 vulnerabilities, three exploited zero-days (CVE-2025-59230, CVE-2025-47827 and CVE-2025-24990) and three with PoC (CVE-2025-2884, CVE-2
@Action1corp
14 Oct 2025
128 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#VulnerabilityReport #CVE202547827 IGEL OS 10 Flaw (CVE-2025-47827): Full Secure Boot Bypass Allows Untrusted Kernel & Rootkits, PoC Available https://t.co/oL5A1uIEOi
@Komodosec
19 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📛 Admin access transforms Secure Boot vulnerabilities like CVE-2025-3052 & CVE-2025-47827 into catastrophic openings for attackers. These CVEs are no joke—fix them NOW! #hacking #ethicalhacking #infosec https://t.co/ro7MT58EkM https://t.co/UcpiQ8tGeH
@lnxsec
10 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 Microsoft hasn’t revoked compromised certificates linked to CVE-2025-47827. Why? This oversight impacts Linux systems globally. IT managers must patch manually for now. #hacking #cybersec #NetworkSecurity https://t.co/ro7MT58EkM https://t.co/NfnEI9bc32
@lnxsec
10 Jul 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
☠️ Are Linux servers vulnerable to stealthy malware? CVE-2025-47827 shows why signed binaries aren't bulletproof. Learn proactive steps for securing your infrastructure. #hacking #coding #linux https://t.co/SA7og338Xi
@mxm_mainsecure
9 Jul 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚧 Not-so-secure boot? CVE-2025-47827 targets Linux environments relying on Microsoft's 3rd Party UEFI CA certificate. Reassess your trust structure to block attackers now. #hacking #coding #cybersec https://t.co/ro7MT58EkM https://t.co/tcYtlZKI0g
@lnxsec
4 Jul 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Physical access isn’t the only threat. CVE-2025-47827 exposes flaws in Linux shim security signed by Microsoft. What makes this vulnerability catastrophic for Linux admins? #hacking #coding #infosec https://t.co/ro7MT58EkM https://t.co/TUKYiq3Yym
@lnxsec
2 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
研究人员发现两个漏洞能🔓绕过 Secure Boot,微软只修复了一个😢。CVE-2025-3052是DT Research设备固件工具漏洞🛠️,微软已屏蔽。另一个CVE-2025-47827涉Linux内核模块IGEL,微软未撤销签名💔。令人绝望😭。
@touhlih
11 Jun 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47827 In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root files… https://t.co/9vmwJkiJRG
@CVEnew
5 Jun 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:igel:igel_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8287FE1A-4E34-40E1-9A78-619D46C07433",
"versionEndExcluding": "11.01.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A",
"versionEndExcluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]