CVE Tools

Home/Vulnerability/CVE-2025-3052

CVE-2025-3052

An arbitrary write vulnerability in Microsoft signed UEFI firmware from DT Research Inc.

Published: Jun 10, 2025Updated: Jun 12, 2025 Sources: CVE List NVD BDU

8.2CVSS

HIGH

An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

EPSS Score

0.1%

Top 77.7%

CISA KEV

Not in KEV

Exploits

No Known Exploits

Remediation

Patch Available

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:LAttack Complexity

Low

PR:HPrivileges Required

High

UI:NUser Interaction

None

Scope

S:CScope

Changed

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Affected Products

BiosFlashShell

DT Research

Web & CMS Plugins

Dtbios

DT Research

Web & CMS Plugins

Windows Server 2012

Microsoft Corp

Operating Systems / windows

Windows Server 2012 R2

Microsoft Corp

Operating Systems / windows

Windows 10

Microsoft Corp

Operating Systems / windows

dt research Web & CMS Plugins

microsoft corpcommercialUSOperating Systemsaka microsoft corporation

and 18 more affected products View all →

Exploitability

Official Patch Available

References

https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html

https://www.binarly.io/advisories/brly-dva-2025-001

https://www.binarly.io/blog/another-crack-in-the-chain-of-trust

and 2 more references View all →

Timeline

Published

Jun 10, 2025

Last Updated

Jun 12, 2025

News mentions

1

Vulnerable UEFI Shim Bootloaders Risk Broad Secure Boot Bypass
en-us·Daily CyberSecurity (securityonline.info)· Summary only·Jun 15, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-3052 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows