CVE-2025-3770

{"id": "CVE-2025-3770", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "infosec@edk2.groups.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2025-08-07T01:15:25.713", "references": [{"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr", "source": "infosec@edk2.groups.io"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "infosec@edk2.groups.io", "description": [{"lang": "en", "value": "CWE-693"}]}], "descriptions": [{"lang": "en", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cProtection Mechanism Failure\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability."}, {"lang": "es", "value": "EDK2 contiene una vulnerabilidad en la BIOS que permite a un atacante provocar un fallo del mecanismo de protecci\u00f3n mediante acceso local. La explotaci\u00f3n exitosa de esta vulnerabilidad provocar\u00e1 la ejecuci\u00f3n de c\u00f3digo arbitrario y afectar\u00e1 la confidencialidad, la integridad y la disponibilidad."}], "lastModified": "2025-08-07T21:26:37.453", "sourceIdentifier": "infosec@edk2.groups.io"}