Home > Vulnerability Database > CVE-2025-3770

Mend.io Vulnerability Database

CVE-2025-3770

Good to know:

Date: August 6, 2025

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

Severity Score

7.0

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-3770

Url: https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

Url: https://www.mend.io/vulnerability-database/CVE-2025-3770

Severity Score

7.0

Weakness Type (CWE)

Protection Mechanism Failure

CWE-693

Top Fix

Upgrade Version

Upgrade to version https://github.com/tianocore/edk2.git - no_fix

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-3770

Good to know:

Date: August 6, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?