CVE-2025-2296

Publication date

2025-12-09 15:00:48

Family

TianoCore

State

PUBLISHED

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.