CVE-2025-3770
7.0
HIGH
CVSS 3.1
EPSS 0.08%
Description
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.
How to fix CVE-2025-3770
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/edk2—no fix listed
Is CVE-2025-3770 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |