PT-2025-23933 · Igel +1 · Igel Os +1

Zedeldi · Published 2025-06-05 · Updated 2025-10-15 · CVE-2025-47827

CVSS v3.1: 4.6
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: IGEL OS versions prior to 11

Description: IGEL OS before version 11 contains a flaw in the igel-flash-driver module that improperly verifies cryptographic signatures during Secure Boot. This allows a crafted root filesystem to be mounted from an unverified SquashFS image, potentially enabling the loading of untrusted kernels and rootkits. The vulnerability allows attackers to bypass Secure Boot protections, potentially through physical or virtual access. No information is available regarding the number of affected devices or real-world exploitation incidents. The vulnerability affects systems relying on Microsoft's 3rd Party UEFI CA certificate.

Recommendations: Update IGEL OS to version 11 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Verification of Cryptographic Signature

Related Identifiers: CVE-2025-47827

Affected Products: Igel Os, Windows