PT-2025-49981 · Edk2+1 · Edk2+1

Published

2025-01-01

Updated

2026-05-19

CVE-2025-2296

CVSS v4.0

8.4

High

Vector

AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

Name of the Vulnerable Software and Affected Versions EDK2 (affected versions not specified)

Description EDK2 contains a flaw in BIOS related to improper input validation. A local attacker may exploit this issue to alter control flow, potentially leading to arbitrary command execution. This could impact the confidentiality, integrity, and availability of the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2026:18465

AZL-72545

AZL-72556

AZL-72559

CVE-2025-2296

GHSA-6PP6-CM5H-86G5

OPENSUSE-SU-2026:10467-1

RHSA-2026:18465

Affected Products

Debian

Edk2

PT-2025-49981 · Edk2+1 · Edk2+1

CVE-2025-2296

Weakness Enumeration

Related Identifiers

Affected Products

References · 24