A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. Dubbed Hydroph0bia, this flaw enables pre-boot execution of unsigned code, posing severe risks to enterprise and consumer devices. Insecure NVRAM Variable Handling The vulnerability stems from the improper use […]

The post Insyde UEFI Flaw Enables Digital Certificate Injection via NVRAM Variable appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Anupriya

Source: gbHackers
Source Link: https://gbhackers.com/insyde-uefi-flaw/