cbcvebase.
CVE-2025-2295
published 2025-03-14

CVE-2025-2295: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this…

low3.5CVSS 3.1
AVNACLPRHUIRSUCNILAL
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

Affected

22 ranges
VendorProductVersion rangeFixed in
debianedk2< edk2 2025.02-4 (forky)edk2 2025.02-4 (forky)
msrcazl3_edk2_20240524git3e722403cd16-10_on_azure_linux_3.0
msrcazl3_edk2_20240524git3e722403cd16-11_on_azure_linux_3.0
msrcazl3_edk2_20240524git3e722403cd16-14_on_azure_linux_3.0
msrcazl3_edk2_20240524git3e722403cd16-9_on_azure_linux_3.0
msrcazl3_qemu_8.2.0-16_on_azure_linux_3.0
msrccbl2_edk2_20230301gitf80f052277c8-42_on_cbl_mariner_2.0
msrccbl2_edk2_20230301gitf80f052277c8-43_on_cbl_mariner_2.0
msrccbl2_edk2_20230301gitf80f052277c8-44_on_cbl_mariner_2.0
msrccbl2_edk2_20230301gitf80f052277c8-45_on_cbl_mariner_2.0
msrccbl2_hvloader_1.0.1-13_on_cbl_mariner_2.0
msrccbl2_hvloader_1.0.1-14_on_cbl_mariner_2.0
msrccbl2_hvloader_1.0.1-15_on_cbl_mariner_2.0
msrccbl2_hvloader_1.0.1-16_on_cbl_mariner_2.0
msrccbl2_qemu_6.2.0-24_on_cbl_mariner_2.0
tianocoreedk2<= edk2-stable202502
tianocoreedk2>= 0 < 2025.02-42025.02-4
tianocoreedk2>= 0 < 2025.02-42025.02-4
tianocoreedk2>= 0 < 2022.02-3ubuntu0.22.04.52022.02-3ubuntu0.22.04.5
tianocoreedk2>= 0 < 2022.02-3ubuntu0.22.04.42022.02-3ubuntu0.22.04.4
tianocoreedk2>= 0 < 2024.02-2ubuntu0.72024.02-2ubuntu0.7
tianocoreedk2>= 0 < 2024.02-2ubuntu0.62024.02-2ubuntu0.6

CVSS provenance

nvdv3.13.5LOWCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
osv7.4HIGH