High severity8.2NVD Advisory· Published Jun 10, 2025· Updated Apr 15, 2026

CVE-2025-3052

Description

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.htmlnvd
www.binarly.io/advisories/brly-dva-2025-001nvd
www.kb.cert.org/vuls/id/806555nvd

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000