{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3770", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "state": "PUBLISHED", "assignerShortName": "TianoCore", "dateReserved": "2025-04-17T16:10:59.678Z", "datePublished": "2025-08-07T00:42:14.628Z", "dateUpdated": "2025-08-07T13:28:12.175Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "UefiCpuPkg", "product": "EDK2", "vendor": "TianoCore", "versions": [{"lessThanOrEqual": "edk2-stable202505", "status": "affected", "version": "0", "versionType": "Custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Christopher Domas"}], "datePublic": "2025-08-07T00:41:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cProtection Mechanism Failure\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability."}], "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cProtection Mechanism Failure\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2025-08-07T00:42:14.628Z"}, "references": [{"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr"}], "source": {"discovery": "UNKNOWN"}, "title": "SMM IDT Privilege Escalation Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-07T13:28:05.514885Z", "id": "CVE-2025-3770", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-07T13:28:12.175Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3770", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-07T13:28:05.514885Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-07T13:28:09.458Z"}}], "cna": {"title": "SMM IDT Privilege Escalation Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Christopher Domas"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TianoCore", "product": "EDK2", "versions": [{"status": "affected", "version": "0", "versionType": "Custom", "lessThanOrEqual": "edk2-stable202505"}], "packageName": "UefiCpuPkg", "defaultStatus": "unaffected"}], "datePublic": "2025-08-07T00:41:00.000Z", "references": [{"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cProtection Mechanism Failure\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.", "supportingMedia": [{"type": "text/html", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cProtection Mechanism Failure\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2025-08-07T00:42:14.628Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3770", "state": "PUBLISHED", "dateUpdated": "2025-08-07T13:28:12.175Z", "dateReserved": "2025-04-17T16:10:59.678Z", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "datePublished": "2025-08-07T00:42:14.628Z", "assignerShortName": "TianoCore"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cProtection Mechanism Failure\u201d by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability."}, {"lang": "es", "value": "EDK2 contiene una vulnerabilidad en la BIOS que permite a un atacante provocar un fallo del mecanismo de protecci\u00f3n mediante acceso local. La explotaci\u00f3n exitosa de esta vulnerabilidad provocar\u00e1 la ejecuci\u00f3n de c\u00f3digo arbitrario y afectar\u00e1 la confidencialidad, la integridad y la disponibilidad."}], "id": "CVE-2025-3770", "lastModified": "2025-08-07T21:26:37.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "infosec@edk2.groups.io", "type": "Secondary"}]}, "published": "2025-08-07T01:15:25.713", "references": [{"source": "infosec@edk2.groups.io", "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr"}], "sourceIdentifier": "infosec@edk2.groups.io", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}], "source": "infosec@edk2.groups.io", "type": "Secondary"}]}

{"bugzilla": {"description": "SMM IDT Privilege Escalation Vulnerability", "id": "2386984", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386984"}, "csaw": false, "cwe": "CWE-693", "details": ["No description is available for this CVE."], "name": "CVE-2025-3770", "public_date": "2025-08-07T00:42:14Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-3770\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3770\nhttps://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr"], "threat_severity": "Important"}