Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
CVE-2025-4275: Insyde H2O UEFI Vulnerability Enables Certificate Injection via Unprotected NVRAM Variable
Malware and Vulnerabilities
June 10, 2025
cert
A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to inject unauthorised digital certificates via an unprotected NVRAM variable. This flaw enables the execution of arbitrary firmware during the early boot process.
Read More
UEFI Firmware
Insyde H2O
Secure Boot
NVRAM Vulnerability
CVE-2025-4275
Publisher
Previous
Birmingham, AL dermatologist notifies 86K people of dat ...
Breaches and Incidents
Next
Critical Vulnerabilities in Ivanti Workspace Control Al ...
Malware and Vulnerabilities
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_366815456.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/1404_shutterstock_622693508.jpg)
