CVE-2025-3770: Protection Mechanism Failure in Edk2

Severity: 7.0 HIGH (NVD)
EPSS: 0.0% (top 93.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 7
Latest update: Nov 26

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (2 packages)

Debian | tianocore/edk2 | < 2025.02-8+deb13u1+1
CVEListV5 | tianocore/edk2 | edk2-stable202505

🔴 Vulnerability Details (2)

OSV | CVE-2025-3770: EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access | 2025-08-07
CVEList | SMM IDT Privilege Escalation Vulnerability | 2025-08-07

📋 Vendor Advisories (4)

Ubuntu | EDK II vulnerabilities | 2025-11-26
Microsoft | SMM IDT Privilege Escalation Vulnerability | 2025-08-12
Debian | CVE-2025-3770: edk2 - EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Me... | 2025
Microsoft | Heap-based Buffer Overflow in vim/vim | 2021-09-14