High severity · NVD Advisory · Published Dec 9, 2025 · Updated Apr 15, 2026
CVE-2025-2296
Description
EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.
Affected products (6)
- osv-coords (5 versions): pkg:rpm/almalinux/edk2-aarch64, pkg:rpm/almalinux/edk2-ovmf, pkg:rpm/almalinux/edk2-tools, pkg:rpm/almalinux/edk2-tools-doc, pkg:rpm/opensuse/ovmf&distro=openSUSE%20Tumbleweed; range: < 20251114-5.el10_2 (+ 4 more)
- (no CPE) range: < 20251114-5.el10_2
- (no CPE) range: < 20251114-5.el10_2
- (no CPE) range: < 20251114-5.el10_2
- (no CPE) range: < 20251114-5.el10_2
- (no CPE) range: < 202602-6.1