Description
MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
MITRE created this CVE on their behalf. The documented Windows updates incorporate updates in IGEL OS which address this vulnerability. Please see "Security Update Guide Supports CVEs Assigned by Industry Partners" for more information.
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Secure Boot.
Updates
| Product | Article | Update |
|---|---|---|
| Windows Server 2012 | | |
| Windows Server 2012 (Server Core installation) | | |
| Windows Server 2012 R2 | | |
| Windows Server 2012 R2 (Server Core installation) | | |
| Windows 10 for 32-bit Systems | | |
| Windows 10 for x64-based Systems | | |
| Windows Server 2016 | | |
| Windows 10 Version 1607 for 32-bit Systems | | |
| Windows 10 Version 1607 for x64-based Systems | | |
| Windows Server 2016 (Server Core installation) | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 4.6 Medium
Related vulnerabilities
Vulnerability in the igel-flash-driver module of IGEL operating systems that allows an attacker to bypass existing security restrictions