Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-k7zd-s9nc-r3hb
Vulnerability ID VCID-k7zd-s9nc-r3hb
Aliases CVE-2025-3770
Summary EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.
Status Published
Exploitability 0.5
Weighted Severity 6.3
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-693 Protection Mechanism Failure
System Score Found at
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00022 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2025-3770
cvssv3.1 7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7 https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr
ssvc Track https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2025-3770
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3770
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1110533 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533
GHSA-vx5v-4gg6-6qxr https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr
USN-7894-1 https://usn.ubuntu.com/7894-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-07T13:28:05Z/ Found at https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr
Exploit Prediction Scoring System (EPSS)
Percentile 0.05863
EPSS Score 0.00022
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T16:38:35.190277+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.0.0