CVE-2025-2486

Name
CVE-2025-2486
Description
The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@ubuntu.com https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2101797

Match rules

CPE URI Source package Min version Max version
edk2 == 2024.05 == None
edk2 == 2024.02 == None
cpe:2.3:a:tianocore:edk2:202402*:*:*:*:*:*:*:* edk2 == None == 202402*
cpe:2.3:a:tianocore:edk2:202405:*:*:*:*:*:*:* edk2 == None == 202405

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
edk2 edge-community 0.0.202508-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
edk2 edge-community 0.0.202508-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
edk2 edge-community 0.0.202508-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
edk2 edge-community 0.0.202508-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
edk2 edge-community 0.0.202508-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
edk2 edge-community 0.0.202308-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
edk2 3.23-community 0.0.202508-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
edk2 3.22-community 0.0.202308-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable