CVE-2025-2486
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-2486, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-26

Last updated on: 2025-12-19

Assigner: Canonical Ltd.

Description

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-26
Last Modified
2025-12-19
Generated
2026-07-06
AI Q&A
2025-11-26
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
tianocore edk2 202402*
tianocore edk2 202405

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-489 The product is released with debugging code still enabled or active.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the Ubuntu edk2 UEFI firmware packages accidentally allowing access to the UEFI Shell even in Secure Boot environments. Secure Boot is designed to prevent unauthorized code from running during system startup, but this flaw could allow bypassing those Secure Boot constraints by accessing the UEFI Shell. Some versions tried to enforce Secure Boot restrictions within the Shell, but this was incomplete, and the vulnerability represents an additional repair beyond a previous fix (CVE-2023-48733).

Impact Analysis

This vulnerability could allow an attacker with local access to bypass Secure Boot protections, potentially enabling the execution of unauthorized or malicious code during system startup. This could undermine system integrity and security, possibly leading to further compromise of the system.

Mitigation Strategies

Upgrade the Ubuntu edk2 UEFI firmware packages to versions 2024.05-2ubuntu0.3 or 2024.02-2ubuntu0.3, which disable the UEFI Shell in Secure Boot environments and fix this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-2486. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart