CVE-2025-11577
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-14

Last updated on: 2025-10-15

Assigner: CERT/CC

Description
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-14
Last Modified
2025-10-15
Generated
2026-06-16
AI Q&A
2025-10-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11577
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
clevo firmware *
gigabyte g5_mf *
gigabyte g5_kf5_2024 *
gigabyte g6_kf *
xpg xenia_15g *
gigabyte g5_me *
gigabyte g6x_9kg_2024 *
gigabyte g5_kf_2024 *
gigabyte g5_ke *
insyde_software firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves Clevo's UEFI firmware update packages inadvertently including private signing keys used for Intel Boot Guard verification. Intel Boot Guard is a security technology that ensures the integrity of the system's early boot process by cryptographically verifying firmware before it runs. Because the private keys were exposed, attackers with access to the system's flash storage can sign malicious firmware that appears trusted by the system, undermining the boot process's security and allowing persistent, stealthy control over affected devices. [1, 2]

Impact Analysis

The impact of this vulnerability is severe. An attacker who gains write access to the system's SPI flash storageβ€”through physical access or exploiting software vulnerabilitiesβ€”can use the leaked private keys to sign malicious firmware. This malicious firmware would be trusted by Intel Boot Guard, allowing the attacker to install persistent backdoors or implants at the firmware level. This compromises the device's integrity, enabling stealthy and persistent control over the system, potentially leading to complete system compromise without user interaction. [1, 2]

Detection Guidance

Detection involves assessing whether your system is running affected Clevo-based firmware versions and monitoring for unauthorized firmware modifications. Since the vulnerability involves leaked private keys allowing malicious firmware to be signed and trusted by Boot Guard, you should verify the firmware version and integrity. Specific commands are not provided in the resources, but general approaches include checking firmware version information via system tools and using UEFI firmware analysis tools like UEFITool to inspect firmware images for unauthorized changes. Monitoring SPI flash storage for unexpected writes or changes may also help detect exploitation attempts. [1, 2]

Mitigation Strategies

Immediate mitigation steps include assessing exposure to affected firmware versions, avoiding use of firmware update packages containing the leaked keys, and applying firmware updates only from verified, trusted sources once available. Users should monitor for unauthorized firmware modifications and ensure physical and software protections are in place to prevent unauthorized write access to the system's flash storage. Since no public remediation steps or direct mitigations have been announced, caution and vigilance are advised until updated firmware with uncompromised keys is released. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11577. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart