Home > Vulnerability Database > CVE-2025-2486

Mend.io Vulnerability Database

CVE-2025-2486

Good to know:

Date: November 26, 2025

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

Severity Score

5.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-2486

Url: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2101797

Url: https://www.mend.io/vulnerability-database/CVE-2025-2486

Severity Score

5.5

Weakness Type (CWE)

Active Debug Code

CWE-489

Top Fix

Upgrade Version

Upgrade to version https://github.com/tianocore/edk2.git - edk2-stable202505

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-2486

Good to know:

Date: November 26, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?