Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2025-3052

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

Published: Jun 10, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-3052
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html
https://www.binarly.io/advisories/brly-dva-2025-001
https://www.kb.cert.org/vuls/id/806555

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo