CVE/CVE-2025-3052: Difference between revisions
< CVE
(Created page with " cjee21/Check-UEFISecureBootVariables: PowerShell scripts to check the UEFI KEK, DB and DBX Secure Boot variables. https://github.com/cjee21/Check-UEFISecureBootVariables Get-SecureBootUEFI https://learn.microsoft.com/en-us/powershell/module/secureboot/get-securebootuefi?view=windowsserver2025-ps") |
No edit summary |
||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
== CVE-2025-3052 – UEFI Secure Boot Bypass Vulnerability == | |||
What is CVE-2025-3052? | |||
CVE-2025-3052 is an arbitrary write vulnerability in UEFI firmware applications signed by Microsoft (e.g., DTBios, BiosFlashShell). It allows attackers to manipulate NVRAM variables and bypass Secure Boot, enabling execution of unauthorized code during system startup. | |||
== NIST - NVD - CVE-2025-3052 == | |||
https://nvd.nist.gov/vuln/detail/CVE-2025-3052 | |||
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise. | |||
CVE Dictionary Entry: CVE-2025-3052 | |||
NVD Published Date: 06/10/2025 | |||
NVD Last Modified: 06/12/2025 | |||
Source: CERT/CC | |||
== NIST - NVD - CVE-2025-3052 == | |||
https://nvd.nist.gov/vuln/detail/CVE-2025-3052 | |||
== Quick Windows Patch Check == | |||
Get-HotFix | Where-Object {$_.HotFixID -match "KB5060*"} | |||
=== Windows 10 LTSC Sample Patch Check === | |||
<pre> | |||
PS C:\> Get-HotFix | Where-Object {$_.HotFixID -match "KB5060*"} | |||
Source Description HotFixID InstalledBy InstalledOn | |||
------ ----------- -------- ----------- ----------- | |||
MYWIN10 Security Update KB5065429 NT AUTHORITY\SYSTEM 11/15/2025 12:00:00 AM | |||
MYWIN10 Update KB5063979 NT AUTHORITY\SYSTEM 9/26/2025 12:00:00 AM | |||
</pre> | |||
=== Windows 11 Sample Patch Check === | |||
<pre> | |||
PS C:\> Get-HotFix | Where-Object {$_.HotFixID -match "KB5060*"} | |||
Source Description HotFixID InstalledBy InstalledOn | |||
------ ----------- -------- ----------- ----------- | |||
MYWIN11 Update KB5067931 NT AUTHORITY\SYSTEM 10/29/2025 12:00:00 AM | |||
MYWIN11 Security Update KB5068861 NT AUTHORITY\SYSTEM 11/13/2025 12:00:00 AM | |||
MYWIN11 Update KB5067035 NT AUTHORITY\SYSTEM 10/29/2025 12:00:00 AM | |||
</pre> | |||
== Check-UEFISecureBootVariables == | |||
cjee21/Check-UEFISecureBootVariables: PowerShell scripts to check the UEFI KEK, DB and DBX Secure Boot variables. | cjee21/Check-UEFISecureBootVariables: PowerShell scripts to check the UEFI KEK, DB and DBX Secure Boot variables. | ||
https://github.com/cjee21/Check-UEFISecureBootVariables | https://github.com/cjee21/Check-UEFISecureBootVariables | ||
| Line 4: | Line 50: | ||
Get-SecureBootUEFI | Get-SecureBootUEFI | ||
https://learn.microsoft.com/en-us/powershell/module/secureboot/get-securebootuefi?view=windowsserver2025-ps | https://learn.microsoft.com/en-us/powershell/module/secureboot/get-securebootuefi?view=windowsserver2025-ps | ||
== keywords == | |||
Latest revision as of 08:32, 15 November 2025
CVE-2025-3052 – UEFI Secure Boot Bypass Vulnerability
What is CVE-2025-3052? CVE-2025-3052 is an arbitrary write vulnerability in UEFI firmware applications signed by Microsoft (e.g., DTBios, BiosFlashShell). It allows attackers to manipulate NVRAM variables and bypass Secure Boot, enabling execution of unauthorized code during system startup.
NIST - NVD - CVE-2025-3052
https://nvd.nist.gov/vuln/detail/CVE-2025-3052
An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.
CVE Dictionary Entry: CVE-2025-3052 NVD Published Date: 06/10/2025 NVD Last Modified: 06/12/2025 Source: CERT/CC
NIST - NVD - CVE-2025-3052
https://nvd.nist.gov/vuln/detail/CVE-2025-3052
Quick Windows Patch Check
Get-HotFix | Where-Object {$_.HotFixID -match "KB5060*"}
Windows 10 LTSC Sample Patch Check
PS C:\> Get-HotFix | Where-Object {$_.HotFixID -match "KB5060*"}
Source Description HotFixID InstalledBy InstalledOn
------ ----------- -------- ----------- -----------
MYWIN10 Security Update KB5065429 NT AUTHORITY\SYSTEM 11/15/2025 12:00:00 AM
MYWIN10 Update KB5063979 NT AUTHORITY\SYSTEM 9/26/2025 12:00:00 AM
Windows 11 Sample Patch Check
PS C:\> Get-HotFix | Where-Object {$_.HotFixID -match "KB5060*"}
Source Description HotFixID InstalledBy InstalledOn
------ ----------- -------- ----------- -----------
MYWIN11 Update KB5067931 NT AUTHORITY\SYSTEM 10/29/2025 12:00:00 AM
MYWIN11 Security Update KB5068861 NT AUTHORITY\SYSTEM 11/13/2025 12:00:00 AM
MYWIN11 Update KB5067035 NT AUTHORITY\SYSTEM 10/29/2025 12:00:00 AM
Check-UEFISecureBootVariables
cjee21/Check-UEFISecureBootVariables: PowerShell scripts to check the UEFI KEK, DB and DBX Secure Boot variables. https://github.com/cjee21/Check-UEFISecureBootVariables
Get-SecureBootUEFI https://learn.microsoft.com/en-us/powershell/module/secureboot/get-securebootuefi?view=windowsserver2025-ps