CVE-2025-11577

Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain

CVSS 7.6 HIGHEPSS 0.2%

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.6EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process.

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

Clevo · Notebook System Firmware

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.binarly.io/advisories/brly-2025-002 https://www.kb.cert.org/vuls/id/538470