CVE-2025-2296

CVE-2025-2296

Name

CVE-2025-2296

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5

Type

URI

https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5

CPE URI	Source package	Min version	Max version
	edk2	== 0	== None

CPE URI

Source package

Min version

Max version

edk2

== 0

== None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
edk2	edge-community	0.0.202508-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202508-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202508-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202508-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202508-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202308-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	3.23-community	0.0.202508-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	3.22-community	0.0.202308-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

edk2

edge-community

0.0.202508-r4

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

edk2

edge-community