CVE/CVE-2025-3052

From Omnia
< CVE
Jump to navigation Jump to search

CVE-2025-3052 – UEFI Secure Boot Bypass Vulnerability

What is CVE-2025-3052?
CVE-2025-3052 is an arbitrary write vulnerability in UEFI firmware applications signed by Microsoft (e.g., DTBios, BiosFlashShell).  It allows attackers to manipulate NVRAM variables and bypass Secure Boot, enabling execution of unauthorized code during system startup.

NIST - NVD - CVE-2025-3052

https://nvd.nist.gov/vuln/detail/CVE-2025-3052

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

CVE Dictionary Entry: CVE-2025-3052
NVD Published Date: 06/10/2025
NVD Last Modified: 06/12/2025
Source: CERT/CC

NIST - NVD - CVE-2025-3052

https://nvd.nist.gov/vuln/detail/CVE-2025-3052

Quick Windows Patch Check

Get-HotFix | Where-Object {$_.HotFixID -match "KB5060*"}

Windows 10 LTSC Sample Patch Check

PS C:\> Get-HotFix | Where-Object {$_.HotFixID -match "KB5060*"}

Source        Description      HotFixID      InstalledBy          InstalledOn
------        -----------      --------      -----------          -----------
MYWIN10       Security Update  KB5065429     NT AUTHORITY\SYSTEM  11/15/2025 12:00:00 AM
MYWIN10       Update           KB5063979     NT AUTHORITY\SYSTEM  9/26/2025 12:00:00 AM

Windows 11 Sample Patch Check

PS C:\> Get-HotFix | Where-Object {$_.HotFixID -match "KB5060*"}

Source        Description      HotFixID      InstalledBy          InstalledOn
------        -----------      --------      -----------          -----------
MYWIN11       Update           KB5067931     NT AUTHORITY\SYSTEM  10/29/2025 12:00:00 AM
MYWIN11       Security Update  KB5068861     NT AUTHORITY\SYSTEM  11/13/2025 12:00:00 AM
MYWIN11       Update           KB5067035     NT AUTHORITY\SYSTEM  10/29/2025 12:00:00 AM

Check-UEFISecureBootVariables

cjee21/Check-UEFISecureBootVariables: PowerShell scripts to check the UEFI KEK, DB and DBX Secure Boot variables.
https://github.com/cjee21/Check-UEFISecureBootVariables

Get-SecureBootUEFI
https://learn.microsoft.com/en-us/powershell/module/secureboot/get-securebootuefi?view=windowsserver2025-ps

keywords

Retrieved from "https://aznot.com/index.php?title=CVE/CVE-2025-3052&oldid=9112"