CVE-2025-12051
Buffer Overflow in Tool Package Drivers via RTL_QUERY_REGISTRY_DIRECT
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: Insyde
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| insyde | h2offt | 6.76.00 |
| insyde | h2offt | 200.02.01.00 |
| insyde | h2ouvez | 200.02.01.00 |
| insyde | h2osde | 200.02.01.00 |
| insyde | h2orte | 200.02.01.00 |
| insyde | h2ooae | 200.02.01.00 |
| insyde | h2opcm | 200.02.01.00 |
| insyde | h2oelv | 200.02.01.00 |
| insyde | h2ouve_arm | 200.02.01.00 |
| insyde | h2osde_arm | 200.02.01.00 |
| insyde | h2orte_arm | 200.02.01.00 |
| hp | flashwin | 6.51.00 |
| hp | readback_tool | 1.2.4.0 |
| hp | flashverifyutility | 6.2.5.0 |
| hp | issecurebootkeyinstaller | 1.2.0.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves drivers in certain tool packages that use the RTL_QUERY_REGISTRY_DIRECT flag to read registry values. An untrusted user-mode application can exploit this to cause a buffer overflow, which is an out-of-bounds write error. This happens because the drivers read registry values insecurely, allowing the overflow to occur. [1]
How can this vulnerability impact me? :
The vulnerability can lead to a buffer overflow that impacts the confidentiality, integrity, and availability of the affected system. Since the CVSS score indicates high impact on these aspects, an attacker with low privileges and local access could exploit this to compromise system security without user interaction. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the affected tools and drivers to the fixed versions provided by the vendor. Specifically, update H2OFFT (mobile) to version 6.76.00 or newer, H2OFFT (server/embedded) to version 200.02.01.00 or newer, and other Insyde tools such as H2OUVE, H2OSDE, H2ORTE, H2OOAE, H2OPCM, H2OELV, H2OUVE_ARM, H2OSDE_ARM, H2ORTE_ARM to version 200.02.01.00 or newer. Also update OEM tools like HP FlashWin to 6.51.00, HP Readback tool to 1.2.4.0, HP FlashVerifyUtility to 6.2.5.0, and HP IsSecureBootKeyInstaller to 1.2.0.2. These updates address the buffer overflow vulnerability caused by insecure registry value reading. [1]