CVE-2025-3770

HIGH

EDK2 - RCE

Title source: llm

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

References (1)

[Vendor Advisory] https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

Scores

CVSS v3 7.0

EPSS 0.0002

EPSS Percentile 5.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-693

Status draft

Timeline

Published Aug 07, 2025

Tracked Since Feb 18, 2026