CVE-2025-33045 — Write-what-where Condition in Aptiov

CWE-123 — Write-what-where Condition CWE-200 — Sensitive Information Exposure CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.7MEDIUMNVD

CNA8.2GHSA8.5

EPSS

0.0%

top 94.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMI Aptiov AMI Aptio V

Timeline

PublishedSep 9

Latest updateMar 27

Description

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead to information disclosure, arbitrary data writing, and impact Confidentiality, Integrity, and Availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ami/aptiovAptioV_5.0 — AptioV_5.040

▶NVDami/aptio_v5.0 — 5.040

🔴Vulnerability Details

GHSA

Home Assistant has stored XSS in history-graphs↗2026-03-27

▶

CVEList

Legacy Serial Redirection SMRAM Vulnerabilities↗2025-09-09

▶

GHSA

GHSA-9m5j-r52w-m9v5: APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to a↗2025-09-09

▶