Cybersecurity experts have revealed a critical Secure Boot bypass vulnerability (CVE-2025-3052) that allows attackers to disable security features and install malicious bootkits on most systems trusting Microsoft's UEFI CA 2011 certificate. Microsoft has issued patches and updated the revocation list to mitigate the flaw, which can be exploited if attackers gain administrative access. #CVE-2025-3052 #UEFICA2011 #SecureBoot
Keypoints
- The vulnerability affects nearly all systems supporting Secure Boot that trust Microsoft's UEFI CA 2011 certificate.
- Attackers with admin rights can modify a specific NVRAM variable to disable Secure Boot using a signed BIOS utility.
- The flaw enables the installation of bootkit malware that can evade detection by the operating system.
- Microsoft has addressed the issue by adding affected modules to the Secure Boot revocation database (dbx).
- A similar Secure Boot bypass named Hydroph0bia (CVE-2025-4275) was also discovered and patched in Insyde H2O firmware.
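To confirm on a given machine that the dbx revocation mentioned above has actually landed, a defender can parse the dbx variable and look for a revoked module's hash. The following is an added example, not code from the original page or from Microsoft; the function names, owner GUID and digests are constructed for illustration, and the real hashes for CVE-2025-3052 are not given on this page.

```python
import hashlib
import struct
import uuid

# SignatureType GUID the UEFI specification assigns to SHA-256 hash entries.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
LIST_HDR = 28  # 16-byte type GUID + three little-endian uint32 size fields


def parse_dbx_sha256(blob, has_attr_prefix=False):
    """Return the SHA-256 digests (hex) held in a dbx blob of EFI_SIGNATURE_LISTs."""
    off = 4 if has_attr_prefix else 0  # efivarfs files start with 4 attribute bytes
    digests = set()
    while off < len(blob):
        if len(blob) - off < LIST_HDR:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < LIST_HDR + hdr_size or off + list_size > len(blob):
            raise ValueError("EFI_SIGNATURE_LIST size out of bounds")
        body = blob[off + LIST_HDR + hdr_size:off + list_size]
        if sig_type == EFI_CERT_SHA256_GUID:  # other types (e.g. X.509) are skipped
            if sig_size != 48 or len(body) % 48:
                raise ValueError("malformed SHA-256 signature list")
            for i in range(0, len(body), 48):  # 16-byte owner GUID + 32-byte digest
                digests.add(body[i + 16:i + 48].hex())
        off += list_size
    return digests


def is_revoked(blob, authenticode_sha256_hex, has_attr_prefix=False):
    # dbx hash entries are Authenticode (PE image) hashes, not plain file hashes.
    return authenticode_sha256_hex.lower() in parse_dbx_sha256(blob, has_attr_prefix)


def build_sha256_list(digests, owner):
    """Helper that builds one signature list for the constructed sample below."""
    entries = b"".join(owner.bytes_le + d for d in digests)
    return (EFI_CERT_SHA256_GUID.bytes_le
            + struct.pack("<III", LIST_HDR + len(entries), 0, 48) + entries)


# Constructed sample data: these digests and the owner GUID are made up.
OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
REVOKED = hashlib.sha256(b"constructed revoked module").digest()
NOT_LISTED = hashlib.sha256(b"constructed other module").digest()
SAMPLE_DBX = struct.pack("<I", 0x27) + build_sha256_list([REVOKED], OWNER)
```

On Linux the live variable can be read from `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f` and passed in with `has_attr_prefix=True`; the digest to look for must come from the vendor's published revocation data.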