PT-2025-20696 · Microsoft · Uefi+1
Published: 2025-05-12 · Updated: 2026-05-13 · CVE-2025-3052
CVSS v3.1: 8.2 (High)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft signed UEFI firmware (affected versions not specified)
Description
An arbitrary write vulnerability exists in Microsoft-signed UEFI firmware due to the unsafe handling of the IhisiParamBuffer NVRAM variable. The firmware reads the content of this variable and uses it as a pointer for memory write operations without proper validation. This allows a privileged attacker to control the value and perform arbitrary memory writes, such as overwriting the gSecurity2 global variable to disable Secure Boot enforcement during the boot process. Consequently, this can lead to the execution of untrusted software, the installation of bootkits that remain invisible to the operating system, security bypasses, persistence mechanisms, or full system compromise. The issue affects 14 modules signed with the "Microsoft Corporation UEFI CA 2011" certificate. Insyde-based devices are protected due to variable locking, but most other UEFI systems are vulnerable.
Recommendations
Update the Secure Boot dbx immediately.
Monitor NVRAM variable modifications.
Hunt for unexpected UEFI modules in the Boot Manager.
As a temporary workaround, restrict access to the IhisiParamBuffer NVRAM variable to minimize the risk of exploitation.
Fix
Untrusted Pointer Dereference
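One way to act on the "Monitor NVRAM variable modifications" recommendation on a Linux host, as an added example that is not part of the advisory or any vendor tooling. It assumes the standard efivarfs layout (a 4-byte little-endian attribute mask followed by the variable data) and matches the variable by name only, because the advisory gives no vendor GUID; the function names are illustrative.

```python
import hashlib
import json
import struct
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")  # Linux efivarfs mount point
TARGET = "IhisiParamBuffer"                  # variable named in the advisory

# Attribute bits as defined by the UEFI specification
ATTRS = {
    0x01: "NON_VOLATILE",
    0x02: "BOOTSERVICE_ACCESS",
    0x04: "RUNTIME_ACCESS",
    0x08: "HARDWARE_ERROR_RECORD",
    0x10: "AUTHENTICATED_WRITE_ACCESS",
    0x20: "TIME_BASED_AUTHENTICATED_WRITE_ACCESS",
    0x40: "APPEND_WRITE",
    0x80: "ENHANCED_AUTHENTICATED_ACCESS",
}

def parse_efivar(raw: bytes) -> dict:
    """Split an efivarfs entry into decoded attributes, data size and digest."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    (mask,) = struct.unpack_from("<I", raw)
    data = raw[4:]
    return {
        "attributes": [name for bit, name in ATTRS.items() if mask & bit],
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def snapshot(root: Path = EFIVARS, name: str = TARGET) -> dict:
    """Map every '<name>-<VendorGuid>' entry under root to its parsed state."""
    found = {}
    for entry in sorted(root.glob(f"{name}-*")):
        try:
            found[entry.name] = parse_efivar(entry.read_bytes())
        except (OSError, ValueError) as exc:
            found[entry.name] = {"error": str(exc)}
    return found

def changed(baseline: dict, current: dict) -> list:
    """Entries that appeared, disappeared or differ from the stored baseline."""
    return sorted(n for n in baseline.keys() | current.keys() if baseline.get(n) != current.get(n))

if __name__ == "__main__":
    print(json.dumps(snapshot(), indent=2))
```

Store the JSON output as a baseline and alert when `changed()` returns anything on a later run; an entry that appears where none existed before deserves the same attention as a modified one.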
Weakness Enumeration
Related Identifiers
Affected Products
Uefi
Windows