CVE-2025-2296
Description
EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.
When Secure Boot is enabled, an image is verified by DxeImageVerification when it is loaded.
In direct boot mode, if the signature of the Linux kernel is not in the DB, DxeImageVerification returns EFI_ACCESS_DENIED, but the loader then falls back to the legacy loader. In this case Secure Boot is bypassed.
The relevant code is QemuLoadKernelImage () in OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c.
Another related commit is:
dafce29 2020-06-06 OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from LoadImage() [Laszlo Ersek]
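As an added illustration, not EDK2's code and not the upstream patch, the following C model shows the control flow the description names: a kernel rejected by verification with EFI_ACCESS_DENIED reaching the unverified legacy loader, beside a variant where that fallback is gated on Secure Boot being off. Status values, the trusted-kernel check standing in for the DB lookup, the EFI_UNSUPPORTED reason for having a legacy loader, and the hardened gating are all assumptions of the model.

```c
#include <stdbool.h>
#include <string.h>

/* Simplified status codes for this model (not the UEFI bit encodings). */
typedef enum { EFI_SUCCESS = 0, EFI_UNSUPPORTED = 3, EFI_ACCESS_DENIED = 15 } EFI_STATUS;

/* Which loader path the kernel ends up taking. */
typedef enum { LOADER_NONE = 0, LOADER_VERIFIED = 1, LOADER_LEGACY = 2 } LOADER_PATH;

typedef struct {
  const char *Id;   /* constructed kernel identity, standing in for its signature */
  bool        IsPe; /* PE/COFF image that LoadImage() can parse at all */
} KERNEL_IMAGE;

/* Constructed stand-in for the Secure Boot DB: the only trusted kernel identity. */
static const char *TRUSTED_KERNEL_ID = "kernel-signed-by-trusted-key";

/* Model of gBS->LoadImage() under DxeImageVerification. Per the advisory, a kernel
 * whose signature is not in the DB is rejected with EFI_ACCESS_DENIED when Secure
 * Boot is on. A non-PE image (assumption: the reason a legacy loader exists) fails
 * with EFI_UNSUPPORTED before any verification happens. */
static EFI_STATUS ModelLoadImage(const KERNEL_IMAGE *Kernel, bool SecureBootEnabled) {
  if (!Kernel->IsPe) return EFI_UNSUPPORTED;
  if (SecureBootEnabled && strcmp(Kernel->Id, TRUSTED_KERNEL_ID) != 0) return EFI_ACCESS_DENIED;
  return EFI_SUCCESS;
}

/* Vulnerable control flow as described: on EFI_ACCESS_DENIED the loader falls back to
 * the legacy loader, so a kernel that failed verification still boots (unverified). */
LOADER_PATH VulnerableQemuLoadKernelImage(const KERNEL_IMAGE *Kernel, bool SecureBootEnabled) {
  EFI_STATUS Status = ModelLoadImage(Kernel, SecureBootEnabled);
  if (Status == EFI_SUCCESS) return LOADER_VERIFIED;
  if (Status == EFI_ACCESS_DENIED || Status == EFI_UNSUPPORTED) return LOADER_LEGACY; /* bypass */
  return LOADER_NONE;
}

/* Hardened variant (an assumption about correct gating, not the upstream patch): the
 * unverified legacy path is only reachable when Secure Boot is off; with Secure Boot on,
 * any LoadImage() failure means the kernel does not boot. */
LOADER_PATH HardenedQemuLoadKernelImage(const KERNEL_IMAGE *Kernel, bool SecureBootEnabled) {
  EFI_STATUS Status = ModelLoadImage(Kernel, SecureBootEnabled);
  if (Status == EFI_SUCCESS) return LOADER_VERIFIED;
  if (!SecureBootEnabled && Status == EFI_UNSUPPORTED) return LOADER_LEGACY;
  return LOADER_NONE; /* EFI_ACCESS_DENIED never reaches the legacy loader */
}
```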
Impact
An attacker could possibly alter control flow in unexpected ways, including arbitrary command execution.
A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and Availability.
Mitigation release plan
A patch was upstreamed into EDK2. #10628
References
Original Bugzilla ticket: https://bugzilla.tianocore.org/show_bug.cgi?id=3857
Weaknesses (CWE)
- CWE-20