CVE-2025-3052

CVSSv4: NA | CVSSv3: 8.2 | CVSSv2: NA | VMScore: 920 | EPSS: 0.00016 | KEV: Not Included
Published: 10/06/2025 Updated: 10/06/2025

Vulnerability Summary

Microsoft UEFI Firmware Arbitrary Write Vulnerability Enables Untrusted Code Execution

A vulnerability exists in Microsoft-signed UEFI firmware that allows arbitrary write access. An attacker can control specific values, which enables modification of memory and of critical firmware settings stored in NVRAM. This issue potentially allows an attacker to bypass system security, establish persistent access, or completely compromise the system.

Vulnerable Product

dt research biosflashshell

dt research dtbios

Recent Articles

New Secure Boot flaw lets attackers install bootkit malware, patch now
BleepingComputer • Lawrence Abrams • 10 Jun 2025

Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. The flaw affects nearly every system that trusts Microsoft's "UEFI CA 2011" certificate, which is pretty much all hardware that supports Secure Boot. Binarly researcher Alex Matrosov discovered the CVE-2025-3052 f...

Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
BleepingComputer • Lawrence Abrams • 10 Jun 2025

Today is Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed. This Patch Tuesday also fixes ten "Critical" vulnerabilities, eight being remote code execution vulnerabilities and t...