CVE-2025-2486
BaseFortify
Publication date: 2025-11-26
Last updated on: 2025-12-19
Assigner: Canonical Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tianocore | edk2 | 202402* |
| tianocore | edk2 | 202405 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-489 | The product is released with debugging code still enabled or active. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Ubuntu edk2 UEFI firmware packages accidentally allowing access to the UEFI Shell even in Secure Boot environments. Secure Boot is designed to prevent unauthorized code from running during system startup, but this flaw could allow bypassing those Secure Boot constraints by accessing the UEFI Shell. Some versions tried to enforce Secure Boot restrictions within the Shell, but this was incomplete, and the vulnerability represents an additional repair beyond a previous fix (CVE-2023-48733).
How can this vulnerability impact me? :
This vulnerability could allow an attacker with local access to bypass Secure Boot protections, potentially enabling the execution of unauthorized or malicious code during system startup. This could undermine system integrity and security, possibly leading to further compromise of the system.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Ubuntu edk2 UEFI firmware packages to versions 2024.05-2ubuntu0.3 or 2024.02-2ubuntu0.3, which disable the UEFI Shell in Secure Boot environments and fix this vulnerability.