Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2025-3052
PUBLISHED
An arbitrary write vulnerability in Microsoft signed UEFI firmware from DT Research Inc.
- Vendor: DT Research
- Product: BiosFlashShell, Dtbios
- Published: Jun 10, 2025
- EPSS: —
Description
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2025-06-11 07:01:39 UTC · Source
SSVC decision points
- Exploitation: poc
- Automatable: No
- Technical impact: total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| The Shadowserver (via CIRCL) | Jun 11, 2025 |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel