{"dataType": "CVE_RECORD", "containers": {"cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "references": [{"url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html"}, {"url": "https://www.binarly.io/advisories/brly-dva-2025-001"}, {"url": "https://www.kb.cert.org/vuls/id/806555"}], "descriptions": [{"lang": "en", "value": "An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise."}, {"lang": "es", "value": "Una vulnerabilidad de escritura arbitraria en el firmware UEFI firmado por Microsoft permite la ejecución de código de software no confiable. Esto permite a un atacante controlar su valor, lo que provoca escrituras arbitrarias en memoria, incluyendo la modificación de configuraciones críticas del firmware almacenadas en la NVRAM. La explotación de esta vulnerabilidad podría permitir eludir la seguridad, mecanismos de persistencia o comprometer completamente el sistema."}], "x_remediations": {"windows": [{"type": "update", "anyOf": ["KB5060118", "KB5062570", "KB5063774", "KB5063899", "KB5065425", "KB5066780", "KB5068779", "KB5070879", "KB5071542", "KB5073450", "KB5075897", "KB5077792", "KB5078133", "KB5078734", "KB5082060"], "products": ["Windows Server 2022, 23H2 Edition (Server Core installation)"]}, {"type": "update", "anyOf": ["KB5060525"], "products": ["Windows Server 2022", "Windows Server 2022 (Server Core installation)"]}, {"type": "update", "anyOf": ["KB5060526", "KB5062572", "KB5063880", "KB5065432", "KB5066782", "KB5068787", "KB5070884", "KB5071547", "KB5073457", "KB5075906", "KB5077800", "KB5078136", "KB5078766", "KB5082142", "KB5082314"], "products": ["Windows Server 2022", "Windows Server 2022 (Server Core installation)"]}, {"type": "update", "anyOf": ["KB5060531", "KB5062557", "KB5063877", "KB5065428", "KB5066187", "KB5066586", "KB5068791", "KB5070883", "KB5071544", "KB5073723", "KB5074975", "KB5075904", "KB5077795", "KB5078131", "KB5078752", "KB5082123"], "products": ["Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)"]}, {"type": "update", "anyOf": ["KB5060533", "KB5061087", "KB5062554", "KB5062649", "KB5063159", "KB5063709", "KB5063842", "KB5065429", "KB5066188", "KB5066198", "KB5066791", "KB5068781", "KB5071546", "KB5073724", "KB5074976", "KB5075912", "KB5077796", "KB5078129", "KB5078885", "KB5082200"], "products": ["Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for x64-based Systems"]}, {"type": "update", "anyOf": ["KB5060826", "KB5060999", "KB5062552", "KB5062663", "KB5063875", "KB5064080", "KB5065431", "KB5065790", "KB5066189", "KB5066793", "KB5067112", "KB5068865", "KB5070312", "KB5071417", "KB5073455", "KB5075941", "KB5077797", "KB5078132", "KB5078883", "KB5082052"], "products": ["Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 11 Version 23H2 for ARM64-based Systems", "Windows 11 Version 23H2 for x64-based Systems"]}, {"type": "update", "anyOf": ["KB5060829", "KB5060842", "KB5062553", "KB5062660", "KB5063060", "KB5063878", "KB5064081", "KB5064489", "KB5065426", "KB5065789", "KB5066835", "KB5067036", "KB5068221", "KB5068861", "KB5070311", "KB5070773", "KB5070881", "KB5072033", "KB5072359", "KB5073379", "KB5074105", "KB5074109", "KB5075899", "KB5077181", "KB5077241", "KB5077744", "KB5077793", "KB5078127", "KB5078135", "KB5078740", "KB5079391", "KB5079473", "KB5082063", "KB5083769", "KB5085516", "KB5086672"], "products": ["Windows 11 Version 24H2 for ARM64-based Systems", "Windows 11 Version 24H2 for x64-based Systems", "Windows Server 2025", "Windows Server 2025 (Server Core installation)"]}, {"type": "update", "anyOf": ["KB5060841"], "products": ["Windows 11 Version 24H2 for ARM64-based Systems", "Windows 11 Version 24H2 for x64-based Systems", "Windows Server 2025", "Windows Server 2025 (Server Core installation)"]}, {"type": "update", "anyOf": ["KB5060998", "KB5062561", "KB5063889", "KB5065430", "KB5066837"], "products": ["Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems"]}, {"type": "update", "anyOf": ["KB5061010", "KB5062560", "KB5063871", "KB5065427", "KB5066836", "KB5068864", "KB5070882", "KB5071543", "KB5073722", "KB5074974", "KB5075999", "KB5078938", "KB5082198"], "products": ["Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)"]}, {"type": "update", "anyOf": ["KB5061018", "KB5062597", "KB5063950", "KB5065507", "KB5066873", "KB5068905", "KB5070886", "KB5071503", "KB5073696", "KB5075970", "KB5078774", "KB5082126"], "products": ["Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)"]}, {"type": "update", "anyOf": ["KB5061059", "KB5062592", "KB5063906", "KB5065509", "KB5066875", "KB5068907", "KB5070887", "KB5071505", "KB5073698", "KB5075971", "KB5078775", "KB5082127"], "products": ["Windows Server 2012", "Windows Server 2012 (Server Core installation)"]}]}, "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "DISCARDED_CNA", "dateUpdated": "2025-06-10T20:15:23Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2025-3052", "state": "PUBLISHED", "dateUpdated": "2025-06-12T16:06:29Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2025-06-10T20:15:23Z", "assignerShortName": "certcc"}, "dataVersion": "5.0"}