PT-2025-19374 · Debian · Debian

Dann Frazier · Published 2025-04-28 · Updated 2026-01-03 · CVE-2025-2486

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ubuntu edk2 UEFI firmware packages versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3
Ubuntu edk2 UEFI firmware packages (affected versions not specified)

Description

The Ubuntu edk2 UEFI firmware packages unintentionally permitted access to the UEFI Shell within Secure Boot environments, potentially circumventing Secure Boot protections. Earlier versions included a secure-boot-based mechanism to maintain operation within the Shell, which is considered adequate for enforcing Secure Boot restrictions. This issue represents an additional correction related to a previous incomplete fix.

Recommendations

Update to version 2024.05-2ubuntu0.3.
Update to version 2024.02-2ubuntu0.3.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2025-2486

Affected Products

Debian