CVE-2025-2295: Integer Overflow or Wraparound in Edk2

Severity: 3.5 LOW (NVD)
EPSS: 0.1% (top 70.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 14; latest update Nov 26

Description

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
Exploitability: 0.9 | Impact: 2.5

Affected Packages (2 packages)

Debian: tianocore/edk2 < 2025.02-4+1
CVEListV5: tianocore/edk2 edk2-stable202502

Vulnerability Details (2)

CVEList: Potential iSCSI R2T PDU Vulnerability (2025-03-14)
OSV: CVE-2025-2295: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means (2025-03-14)

Vendor Advisories (3)

Ubuntu: EDK II vulnerabilities (2025-11-26)
Microsoft: Potential iSCSI R2T PDU Vulnerability (2025-03-11)
Debian: CVE-2025-2295: edk2 - EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow... (2025)