CVE-2025-2486
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-26

Last updated on: 2025-12-19

Assigner: Canonical Ltd.

Description
The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-26
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-11-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-2486
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tianocore edk2 202402*
tianocore edk2 202405
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-489 The product is released with debugging code still enabled or active.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Ubuntu edk2 UEFI firmware packages accidentally allowing access to the UEFI Shell even in Secure Boot environments. Secure Boot is designed to prevent unauthorized code from running during system startup, but this flaw could allow bypassing those Secure Boot constraints by accessing the UEFI Shell. Some versions tried to enforce Secure Boot restrictions within the Shell, but this was incomplete, and the vulnerability represents an additional repair beyond a previous fix (CVE-2023-48733).

Impact Analysis

This vulnerability could allow an attacker with local access to bypass Secure Boot protections, potentially enabling the execution of unauthorized or malicious code during system startup. This could undermine system integrity and security, possibly leading to further compromise of the system.

Mitigation Strategies

Upgrade the Ubuntu edk2 UEFI firmware packages to versions 2024.05-2ubuntu0.3 or 2024.02-2ubuntu0.3, which disable the UEFI Shell in Secure Boot environments and fix this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-2486. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart