SB2025011541 - Multiple vulnerabilities in Microsoft Secure Boot 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025011541

SB2025011541 - Multiple vulnerabilities in Microsoft Secure Boot

Published: January 15, 2025 Updated: March 10, 2025

Security Bulletin ID SB2025011541
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Physical access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2025-21213)

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in Secure Boot. An attacker with physical access can bypass Secure Boot and gain access to sensitive information on the system.


2) Out-of-bounds read (CVE-ID: CVE-2025-21215)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Secure Boot. An attacker with physical access can trigger an out-of-bounds read error and read contents of memory on the system.


3) Protection Mechanism Failure (CVE-ID: CVE-2025-21211)

The vulnerability allows a local attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in Secure Boot. An attacker with physical access can bypass Secure Boot.


Remediation

Install update from vendor's website.

References