CVE-2025-11577
Unknown
Unknown - Not Provided
BaseFortify
Vulnerability report for CVE-2025-11577, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2025-10-14
Last updated on: 2025-10-15
Assigner: CERT/CC
Description
Description
Clevoβs UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| clevo | firmware | * |
| gigabyte | g5_mf | * |
| gigabyte | g5_kf5_2024 | * |
| gigabyte | g6_kf | * |
| xpg | xenia_15g | * |
| gigabyte | g5_me | * |
| gigabyte | g6x_9kg_2024 | * |
| gigabyte | g5_kf_2024 | * |
| gigabyte | g5_ke | * |
| insyde_software | firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |