CVE-2025-47827

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a...

Basic Information

CVE State: PUBLISHED
Reserved Date: May 11, 2025
Published Date: June 05, 2025
Last Updated: February 26, 2026
Vendor: n/a
Product: n/a
Description: In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Tags

CVSS Scores

CVSS v3.1

4.6 - MEDIUM

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2026-06-01 10:42:10 UTC) Source

References

https://github.com/Zedeldi/igelfs https://github.com/Zedeldi/CVE-2025-47827

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 10:42:10 UTC

Timeline

CVE ID Reserved

May 11, 2025
CVE Published to Public

June 05, 2025
Added to KEVIntel

June 01, 2026