Vulnerability-Lookup

WID-SEC-W-2025-2299

Vulnerability from csaf_certbund - Published: 2025-10-14 22:00 - Updated: 2025-10-14 22:00

Summary

Lenovo BIOS: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Lenovo BIOS ausnutzen, um Daten zu manipulieren, einen Denial of Service zu verursachen, Code Auszuführen und seine Rechte zu erweitern.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Lenovo BIOS ausnutzen, um Daten zu manipulieren, einen Denial of Service zu verursachen, Code Auszuf\u00fchren und seine Rechte zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2299 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2299.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2299 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2299"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory vom 2025-10-14",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-205828"
      }
    ],
    "source_lang": "en-US",
    "title": "Lenovo BIOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-10-14T22:00:00.000+00:00",
      "generator": {
        "date": "2025-10-15T09:39:51.402+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2299",
      "initial_release_date": "2025-10-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T005651",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-0033",
      "product_status": {
        "known_affected": [
          "T005651"
        ]
      },
      "release_date": "2025-10-14T22:00:00.000+00:00",
      "title": "CVE-2025-0033"
    },
    {
      "cve": "CVE-2025-22831",
      "product_status": {
        "known_affected": [
          "T005651"
        ]
      },
      "release_date": "2025-10-14T22:00:00.000+00:00",
      "title": "CVE-2025-22831"
    },
    {
      "cve": "CVE-2025-22832",
      "product_status": {
        "known_affected": [
          "T005651"
        ]
      },
      "release_date": "2025-10-14T22:00:00.000+00:00",
      "title": "CVE-2025-22832"
    },
    {
      "cve": "CVE-2025-22833",
      "product_status": {
        "known_affected": [
          "T005651"
        ]
      },
      "release_date": "2025-10-14T22:00:00.000+00:00",
      "title": "CVE-2025-22833"
    },
    {
      "cve": "CVE-2025-27054",
      "product_status": {
        "known_affected": [
          "T005651"
        ]
      },
      "release_date": "2025-10-14T22:00:00.000+00:00",
      "title": "CVE-2025-27054"
    },
    {
      "cve": "CVE-2025-33044",
      "product_status": {
        "known_affected": [
          "T005651"
        ]
      },
      "release_date": "2025-10-14T22:00:00.000+00:00",
      "title": "CVE-2025-33044"
    }
  ]
}

CVE-2025-22832 (GCVE-0-2025-22832)

Vulnerability from cvelistv5 – Published: 2025-10-14 14:00 – Updated: 2025-10-14 18:51

Title

Buffer Overflow in NTFS when parsing the ATTRIBUTE_LIST

Summary

APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.

Severity ?

5.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-787 - Out-of-bounds Write

Assigner

AMI

References

URL

Tags

https://go.ami.com/hubfs/Security%20Advisories/20…

Impacted products

	Vendor	Product	Version
	AMI	AptioV	Affected: AptioV_5.0 , < AptioV_5.040 (Custom)

Credits

Maxim Suhanov

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22832",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T18:51:27.765158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T18:51:36.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AptioV",
          "vendor": "AMI",
          "versions": [
            {
              "lessThan": "AptioV_5.040",
              "status": "affected",
              "version": "AptioV_5.0",
              "versionType": "Custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Maxim Suhanov"
        }
      ],
      "datePublic": "2025-10-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability."
            }
          ],
          "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T14:00:42.309Z",
        "orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
        "shortName": "AMI"
      },
      "references": [
        {
          "url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025008.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Buffer Overflow in NTFS when parsing the ATTRIBUTE_LIST",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
    "assignerShortName": "AMI",
    "cveId": "CVE-2025-22832",
    "datePublished": "2025-10-14T14:00:42.309Z",
    "dateReserved": "2025-01-08T01:06:44.338Z",
    "dateUpdated": "2025-10-14T18:51:36.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27054 (GCVE-0-2025-27054)

Vulnerability from cvelistv5 – Published: 2025-10-09 03:18 – Updated: 2025-10-10 03:55

Title

Out-of-bounds Write in Display

Summary

Memory corruption while processing a malformed license file during reboot.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

qualcomm

References

URL

Tags

https://docs.qualcomm.com/product/publicresources…

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon	Affected: 315 5G IoT Modem Affected: 9205 LTE Modem Affected: AQT1000 Affected: AR8031 Affected: AR8035 Affected: C-V2X 9150 Affected: CSRA6620 Affected: CSRA6640 Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6800 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: Flight RB5 5G Platform Affected: MDM9205S Affected: QAM8255P Affected: QAM8295P Affected: QAM8620P Affected: QAM8650P Affected: QAM8775P Affected: QAMSRV1H Affected: QAMSRV1M Affected: QCA4004 Affected: QCA6174A Affected: QCA6391 Affected: QCA6420 Affected: QCA6421 Affected: QCA6426 Affected: QCA6430 Affected: QCA6431 Affected: QCA6436 Affected: QCA6574 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6584AU Affected: QCA6595 Affected: QCA6595AU Affected: QCA6678AQ Affected: QCA6688AQ Affected: QCA6696 Affected: QCA6698AQ Affected: QCA6698AU Affected: QCA6797AQ Affected: QCA8081 Affected: QCA8337 Affected: QCA8386 Affected: QCA8695AU Affected: QCC2072 Affected: QCC710 Affected: QCC711 Affected: QCF8001 Affected: QCM2290 Affected: QCM4290 Affected: QCM4325 Affected: QCM4490 Affected: QCM5430 Affected: QCM6125 Affected: QCM6490 Affected: QCM6690 Affected: QCM8550 Affected: QCN6024 Affected: QCN6224 Affected: QCN6274 Affected: QCN7606 Affected: QCN9011 Affected: QCN9012 Affected: QCN9024 Affected: QCN9074 Affected: QCN9274 Affected: QCS2290 Affected: QCS4290 Affected: QCS4490 Affected: QCS5430 Affected: QCS6125 Affected: QCS615 Affected: QCS6490 Affected: QCS6690 Affected: QCS7230 Affected: QCS8250 Affected: QCS8300 Affected: QCS8550 Affected: QCS9100 Affected: QDU1000 Affected: QDU1010 Affected: QDU1110 Affected: QDU1210 Affected: QDX1010 Affected: QDX1011 Affected: QEP8111 Affected: QFW7114 Affected: QFW7124 Affected: QMP1000 Affected: QRB5165M Affected: QRB5165N Affected: QRU1032 Affected: QRU1052 Affected: QRU1062 Affected: QSM8250 Affected: QSM8350 Affected: QTS110 Affected: Qualcomm Video Collaboration VC1 Platform Affected: Qualcomm Video Collaboration VC3 Platform Affected: Qualcomm Video Collaboration VC5 Platform Affected: Robotics RB2 Platform Affected: Robotics RB5 Platform Affected: SA2150P Affected: SA4150P Affected: SA4155P Affected: SA6145P Affected: SA6150P Affected: SA6155 Affected: SA6155P Affected: SA7255P Affected: SA7775P Affected: SA8145P Affected: SA8150P Affected: SA8155 Affected: SA8155P Affected: SA8195P Affected: SA8255P Affected: SA8295P Affected: SA8530P Affected: SA8540P Affected: SA8620P Affected: SA8650P Affected: SA8770P Affected: SA8775P Affected: SA9000P Affected: SC8180X+SDX55 Affected: SC8380XP Affected: SD 8 Gen1 5G Affected: SD670 Affected: SD730 Affected: SD855 Affected: SD865 5G Affected: SD888 Affected: SDX55 Affected: SDX61 Affected: SDX82 Affected: SDX85 Affected: SG4150P Affected: SG6150 Affected: SG6150P Affected: SG8275P Affected: SM4125 Affected: SM4635 Affected: SM6225P Affected: SM6250 Affected: SM6370 Affected: SM6650 Affected: SM6650P Affected: SM7250P Affected: SM7315 Affected: SM7325P Affected: SM7635 Affected: SM7635P Affected: SM7675 Affected: SM7675P Affected: SM8550P Affected: SM8635 Affected: SM8635P Affected: SM8650Q Affected: SM8735 Affected: SM8750 Affected: SM8750P Affected: SM8850 Affected: SM8850P Affected: Smart Audio 400 Platform Affected: Snapdragon 4 Gen 1 Mobile Platform Affected: Snapdragon 4 Gen 2 Mobile Platform Affected: Snapdragon 460 Mobile Platform Affected: Snapdragon 480 5G Mobile Platform Affected: Snapdragon 480+ 5G Mobile Platform (SM4350-AC) Affected: Snapdragon 662 Mobile Platform Affected: Snapdragon 665 Mobile Platform Affected: Snapdragon 670 Mobile Platform Affected: Snapdragon 675 Mobile Platform Affected: Snapdragon 678 Mobile Platform (SM6150-AC) Affected: Snapdragon 680 4G Mobile Platform Affected: Snapdragon 685 4G Mobile Platform (SM6225-AD) Affected: Snapdragon 690 5G Mobile Platform Affected: Snapdragon 695 5G Mobile Platform Affected: Snapdragon 710 Mobile Platform Affected: Snapdragon 720G Mobile Platform Affected: Snapdragon 730 Mobile Platform (SM7150-AA) Affected: Snapdragon 730G Mobile Platform (SM7150-AB) Affected: Snapdragon 732G Mobile Platform (SM7150-AC) Affected: Snapdragon 750G 5G Mobile Platform Affected: Snapdragon 765 5G Mobile Platform (SM7250-AA) Affected: Snapdragon 765G 5G Mobile Platform (SM7250-AB) Affected: Snapdragon 768G 5G Mobile Platform (SM7250-AC) Affected: Snapdragon 778G 5G Mobile Platform Affected: Snapdragon 778G+ 5G Mobile Platform (SM7325-AE) Affected: Snapdragon 780G 5G Mobile Platform Affected: Snapdragon 782G Mobile Platform (SM7325-AF) Affected: Snapdragon 7c+ Gen 3 Compute Affected: Snapdragon 8 Gen 1 Mobile Platform Affected: Snapdragon 8 Gen 2 Mobile Platform Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon 8+ Gen 1 Mobile Platform Affected: Snapdragon 8+ Gen 2 Mobile Platform Affected: Snapdragon 855 Mobile Platform Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC) Affected: Snapdragon 865 5G Mobile Platform Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC) Affected: Snapdragon 888 5G Mobile Platform Affected: Snapdragon 888+ 5G Mobile Platform (SM8350-AC) Affected: Snapdragon 8c Compute Platform (SC8180X-AD) "Poipu Lite" Affected: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Affected: Snapdragon 8cx Compute Platform (SC8180X-AA, AB) Affected: Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) "Poipu Pro" Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) "Poipu Pro" Affected: Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB) Affected: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Affected: Snapdragon AR1 Gen 1 Platform Affected: Snapdragon AR1 Gen 1 Platform "Luna1" Affected: Snapdragon AR2 Gen 1 Platform Affected: Snapdragon Auto 5G Modem-RF Affected: Snapdragon Auto 5G Modem-RF Gen 2 Affected: Snapdragon W5+ Gen 1 Wearable Platform Affected: Snapdragon Wear 1300 Platform Affected: Snapdragon X32 5G Modem-RF System Affected: Snapdragon X35 5G Modem-RF System Affected: Snapdragon X50 5G Modem-RF System Affected: Snapdragon X55 5G Modem-RF System Affected: Snapdragon X62 5G Modem-RF System Affected: Snapdragon X65 5G Modem-RF System Affected: Snapdragon X72 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: Snapdragon XR1 Platform Affected: Snapdragon XR2 5G Platform Affected: Snapdragon XR2+ Gen 1 Platform Affected: Snapdragon Auto 4G Modem Affected: SRV1H Affected: SRV1L Affected: SRV1M Affected: SSG2115P Affected: SSG2125P Affected: SW5100 Affected: SW5100P Affected: SXR1120 Affected: SXR1230P Affected: SXR2130 Affected: SXR2230P Affected: SXR2250P Affected: SXR2330P Affected: SXR2350P Affected: TalynPlus Affected: WCD9306 Affected: WCD9326 Affected: WCD9335 Affected: WCD9340 Affected: WCD9341 Affected: WCD9360 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378 Affected: WCD9378C Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3910 Affected: WCN3950 Affected: WCN3980 Affected: WCN3988 Affected: WCN3990 Affected: WCN3999 Affected: WCN6450 Affected: WCN6650 Affected: WCN6740 Affected: WCN6755 Affected: WCN7750 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H Affected: X2000077 Affected: X2000086 Affected: X2000090 Affected: X2000092 Affected: X2000094 Affected: XG101002 Affected: XG101032 Affected: XG101039

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27054",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-10T03:55:16.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon CCW",
            "Snapdragon Compute",
            "Snapdragon Connectivity",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Technology",
            "Snapdragon Voice \u0026 Music",
            "Snapdragon WBC",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "315 5G IoT Modem"
            },
            {
              "status": "affected",
              "version": "9205 LTE Modem"
            },
            {
              "status": "affected",
              "version": "AQT1000"
            },
            {
              "status": "affected",
              "version": "AR8031"
            },
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "C-V2X 9150"
            },
            {
              "status": "affected",
              "version": "CSRA6620"
            },
            {
              "status": "affected",
              "version": "CSRA6640"
            },
            {
              "status": "affected",
              "version": "FastConnect 6200"
            },
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6800"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "Flight RB5 5G Platform"
            },
            {
              "status": "affected",
              "version": "MDM9205S"
            },
            {
              "status": "affected",
              "version": "QAM8255P"
            },
            {
              "status": "affected",
              "version": "QAM8295P"
            },
            {
              "status": "affected",
              "version": "QAM8620P"
            },
            {
              "status": "affected",
              "version": "QAM8650P"
            },
            {
              "status": "affected",
              "version": "QAM8775P"
            },
            {
              "status": "affected",
              "version": "QAMSRV1H"
            },
            {
              "status": "affected",
              "version": "QAMSRV1M"
            },
            {
              "status": "affected",
              "version": "QCA4004"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6391"
            },
            {
              "status": "affected",
              "version": "QCA6420"
            },
            {
              "status": "affected",
              "version": "QCA6421"
            },
            {
              "status": "affected",
              "version": "QCA6426"
            },
            {
              "status": "affected",
              "version": "QCA6430"
            },
            {
              "status": "affected",
              "version": "QCA6431"
            },
            {
              "status": "affected",
              "version": "QCA6436"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6584AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6678AQ"
            },
            {
              "status": "affected",
              "version": "QCA6688AQ"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA6698AQ"
            },
            {
              "status": "affected",
              "version": "QCA6698AU"
            },
            {
              "status": "affected",
              "version": "QCA6797AQ"
            },
            {
              "status": "affected",
              "version": "QCA8081"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCA8386"
            },
            {
              "status": "affected",
              "version": "QCA8695AU"
            },
            {
              "status": "affected",
              "version": "QCC2072"
            },
            {
              "status": "affected",
              "version": "QCC710"
            },
            {
              "status": "affected",
              "version": "QCC711"
            },
            {
              "status": "affected",
              "version": "QCF8001"
            },
            {
              "status": "affected",
              "version": "QCM2290"
            },
            {
              "status": "affected",
              "version": "QCM4290"
            },
            {
              "status": "affected",
              "version": "QCM4325"
            },
            {
              "status": "affected",
              "version": "QCM4490"
            },
            {
              "status": "affected",
              "version": "QCM5430"
            },
            {
              "status": "affected",
              "version": "QCM6125"
            },
            {
              "status": "affected",
              "version": "QCM6490"
            },
            {
              "status": "affected",
              "version": "QCM6690"
            },
            {
              "status": "affected",
              "version": "QCM8550"
            },
            {
              "status": "affected",
              "version": "QCN6024"
            },
            {
              "status": "affected",
              "version": "QCN6224"
            },
            {
              "status": "affected",
              "version": "QCN6274"
            },
            {
              "status": "affected",
              "version": "QCN7606"
            },
            {
              "status": "affected",
              "version": "QCN9011"
            },
            {
              "status": "affected",
              "version": "QCN9012"
            },
            {
              "status": "affected",
              "version": "QCN9024"
            },
            {
              "status": "affected",
              "version": "QCN9074"
            },
            {
              "status": "affected",
              "version": "QCN9274"
            },
            {
              "status": "affected",
              "version": "QCS2290"
            },
            {
              "status": "affected",
              "version": "QCS4290"
            },
            {
              "status": "affected",
              "version": "QCS4490"
            },
            {
              "status": "affected",
              "version": "QCS5430"
            },
            {
              "status": "affected",
              "version": "QCS6125"
            },
            {
              "status": "affected",
              "version": "QCS615"
            },
            {
              "status": "affected",
              "version": "QCS6490"
            },
            {
              "status": "affected",
              "version": "QCS6690"
            },
            {
              "status": "affected",
              "version": "QCS7230"
            },
            {
              "status": "affected",
              "version": "QCS8250"
            },
            {
              "status": "affected",
              "version": "QCS8300"
            },
            {
              "status": "affected",
              "version": "QCS8550"
            },
            {
              "status": "affected",
              "version": "QCS9100"
            },
            {
              "status": "affected",
              "version": "QDU1000"
            },
            {
              "status": "affected",
              "version": "QDU1010"
            },
            {
              "status": "affected",
              "version": "QDU1110"
            },
            {
              "status": "affected",
              "version": "QDU1210"
            },
            {
              "status": "affected",
              "version": "QDX1010"
            },
            {
              "status": "affected",
              "version": "QDX1011"
            },
            {
              "status": "affected",
              "version": "QEP8111"
            },
            {
              "status": "affected",
              "version": "QFW7114"
            },
            {
              "status": "affected",
              "version": "QFW7124"
            },
            {
              "status": "affected",
              "version": "QMP1000"
            },
            {
              "status": "affected",
              "version": "QRB5165M"
            },
            {
              "status": "affected",
              "version": "QRB5165N"
            },
            {
              "status": "affected",
              "version": "QRU1032"
            },
            {
              "status": "affected",
              "version": "QRU1052"
            },
            {
              "status": "affected",
              "version": "QRU1062"
            },
            {
              "status": "affected",
              "version": "QSM8250"
            },
            {
              "status": "affected",
              "version": "QSM8350"
            },
            {
              "status": "affected",
              "version": "QTS110"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC1 Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC5 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB2 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB5 Platform"
            },
            {
              "status": "affected",
              "version": "SA2150P"
            },
            {
              "status": "affected",
              "version": "SA4150P"
            },
            {
              "status": "affected",
              "version": "SA4155P"
            },
            {
              "status": "affected",
              "version": "SA6145P"
            },
            {
              "status": "affected",
              "version": "SA6150P"
            },
            {
              "status": "affected",
              "version": "SA6155"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA7255P"
            },
            {
              "status": "affected",
              "version": "SA7775P"
            },
            {
              "status": "affected",
              "version": "SA8145P"
            },
            {
              "status": "affected",
              "version": "SA8150P"
            },
            {
              "status": "affected",
              "version": "SA8155"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8195P"
            },
            {
              "status": "affected",
              "version": "SA8255P"
            },
            {
              "status": "affected",
              "version": "SA8295P"
            },
            {
              "status": "affected",
              "version": "SA8530P"
            },
            {
              "status": "affected",
              "version": "SA8540P"
            },
            {
              "status": "affected",
              "version": "SA8620P"
            },
            {
              "status": "affected",
              "version": "SA8650P"
            },
            {
              "status": "affected",
              "version": "SA8770P"
            },
            {
              "status": "affected",
              "version": "SA8775P"
            },
            {
              "status": "affected",
              "version": "SA9000P"
            },
            {
              "status": "affected",
              "version": "SC8180X+SDX55"
            },
            {
              "status": "affected",
              "version": "SC8380XP"
            },
            {
              "status": "affected",
              "version": "SD 8 Gen1 5G"
            },
            {
              "status": "affected",
              "version": "SD670"
            },
            {
              "status": "affected",
              "version": "SD730"
            },
            {
              "status": "affected",
              "version": "SD855"
            },
            {
              "status": "affected",
              "version": "SD865 5G"
            },
            {
              "status": "affected",
              "version": "SD888"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "SDX61"
            },
            {
              "status": "affected",
              "version": "SDX82"
            },
            {
              "status": "affected",
              "version": "SDX85"
            },
            {
              "status": "affected",
              "version": "SG4150P"
            },
            {
              "status": "affected",
              "version": "SG6150"
            },
            {
              "status": "affected",
              "version": "SG6150P"
            },
            {
              "status": "affected",
              "version": "SG8275P"
            },
            {
              "status": "affected",
              "version": "SM4125"
            },
            {
              "status": "affected",
              "version": "SM4635"
            },
            {
              "status": "affected",
              "version": "SM6225P"
            },
            {
              "status": "affected",
              "version": "SM6250"
            },
            {
              "status": "affected",
              "version": "SM6370"
            },
            {
              "status": "affected",
              "version": "SM6650"
            },
            {
              "status": "affected",
              "version": "SM6650P"
            },
            {
              "status": "affected",
              "version": "SM7250P"
            },
            {
              "status": "affected",
              "version": "SM7315"
            },
            {
              "status": "affected",
              "version": "SM7325P"
            },
            {
              "status": "affected",
              "version": "SM7635"
            },
            {
              "status": "affected",
              "version": "SM7635P"
            },
            {
              "status": "affected",
              "version": "SM7675"
            },
            {
              "status": "affected",
              "version": "SM7675P"
            },
            {
              "status": "affected",
              "version": "SM8550P"
            },
            {
              "status": "affected",
              "version": "SM8635"
            },
            {
              "status": "affected",
              "version": "SM8635P"
            },
            {
              "status": "affected",
              "version": "SM8650Q"
            },
            {
              "status": "affected",
              "version": "SM8735"
            },
            {
              "status": "affected",
              "version": "SM8750"
            },
            {
              "status": "affected",
              "version": "SM8750P"
            },
            {
              "status": "affected",
              "version": "SM8850"
            },
            {
              "status": "affected",
              "version": "SM8850P"
            },
            {
              "status": "affected",
              "version": "Smart Audio 400 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 4 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 460 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 480+ 5G Mobile Platform (SM4350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 662 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 665 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 670 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 675 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 680 4G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 690 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 695 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 710 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 720G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730 Mobile Platform (SM7150-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730G Mobile Platform (SM7150-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 732G Mobile Platform (SM7150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 750G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 780G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 782G Mobile Platform (SM7325-AF)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 7c+ Gen 3 Compute"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 3 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8+ Gen 2 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 888+ 5G Mobile Platform (SM8350-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8c Compute Platform (SC8180X-AD) \"Poipu Lite\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Compute Platform (SC8180X-AA, AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Compute Platform (SC8180XP-AC, AF) \"Poipu Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180X-AC, AF) \"Poipu Pro\""
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 2 5G Compute Platform (SC8180XP-AA, AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
            },
            {
              "status": "affected",
              "version": "Snapdragon AR2 Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF Gen 2"
            },
            {
              "status": "affected",
              "version": "Snapdragon W5+ Gen 1 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 1300 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X32 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X35 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X50 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X55 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X62 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X65 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X72 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X75 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2 5G Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2+ Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 4G Modem"
            },
            {
              "status": "affected",
              "version": "SRV1H"
            },
            {
              "status": "affected",
              "version": "SRV1L"
            },
            {
              "status": "affected",
              "version": "SRV1M"
            },
            {
              "status": "affected",
              "version": "SSG2115P"
            },
            {
              "status": "affected",
              "version": "SSG2125P"
            },
            {
              "status": "affected",
              "version": "SW5100"
            },
            {
              "status": "affected",
              "version": "SW5100P"
            },
            {
              "status": "affected",
              "version": "SXR1120"
            },
            {
              "status": "affected",
              "version": "SXR1230P"
            },
            {
              "status": "affected",
              "version": "SXR2130"
            },
            {
              "status": "affected",
              "version": "SXR2230P"
            },
            {
              "status": "affected",
              "version": "SXR2250P"
            },
            {
              "status": "affected",
              "version": "SXR2330P"
            },
            {
              "status": "affected",
              "version": "SXR2350P"
            },
            {
              "status": "affected",
              "version": "TalynPlus"
            },
            {
              "status": "affected",
              "version": "WCD9306"
            },
            {
              "status": "affected",
              "version": "WCD9326"
            },
            {
              "status": "affected",
              "version": "WCD9335"
            },
            {
              "status": "affected",
              "version": "WCD9340"
            },
            {
              "status": "affected",
              "version": "WCD9341"
            },
            {
              "status": "affected",
              "version": "WCD9360"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9378"
            },
            {
              "status": "affected",
              "version": "WCD9378C"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCD9390"
            },
            {
              "status": "affected",
              "version": "WCD9395"
            },
            {
              "status": "affected",
              "version": "WCN3910"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WCN3988"
            },
            {
              "status": "affected",
              "version": "WCN3990"
            },
            {
              "status": "affected",
              "version": "WCN3999"
            },
            {
              "status": "affected",
              "version": "WCN6450"
            },
            {
              "status": "affected",
              "version": "WCN6650"
            },
            {
              "status": "affected",
              "version": "WCN6740"
            },
            {
              "status": "affected",
              "version": "WCN6755"
            },
            {
              "status": "affected",
              "version": "WCN7750"
            },
            {
              "status": "affected",
              "version": "WCN7860"
            },
            {
              "status": "affected",
              "version": "WCN7861"
            },
            {
              "status": "affected",
              "version": "WCN7880"
            },
            {
              "status": "affected",
              "version": "WCN7881"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8832"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            },
            {
              "status": "affected",
              "version": "X2000077"
            },
            {
              "status": "affected",
              "version": "X2000086"
            },
            {
              "status": "affected",
              "version": "X2000090"
            },
            {
              "status": "affected",
              "version": "X2000092"
            },
            {
              "status": "affected",
              "version": "X2000094"
            },
            {
              "status": "affected",
              "version": "XG101002"
            },
            {
              "status": "affected",
              "version": "XG101032"
            },
            {
              "status": "affected",
              "version": "XG101039"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption while processing a malformed license file during reboot."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T03:18:03.164Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
        }
      ],
      "title": "Out-of-bounds Write in Display"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2025-27054",
    "datePublished": "2025-10-09T03:18:03.164Z",
    "dateReserved": "2025-02-18T09:19:46.885Z",
    "dateUpdated": "2025-10-10T03:55:16.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22833 (GCVE-0-2025-22833)

Vulnerability from cvelistv5 – Published: 2025-10-14 14:00 – Updated: 2025-10-14 18:51

Title

FixupArray Pointer Validation in NTFS

Summary

APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this vulnerability may lead to arbitrary code execution.

Severity ?

4.6 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-787 - Out-of-bounds Write

Assigner

AMI

References

URL

Tags

https://go.ami.com/hubfs/Security%20Advisories/20…

Impacted products

	Vendor	Product	Version
	AMI	AptioV	Affected: AptioV_5.0 , < AptioV_5.040 (Custom)

Credits

Maxim Suhanov

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22833",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T18:51:49.850327Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T18:51:56.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AptioV",
          "vendor": "AMI",
          "versions": [
            {
              "lessThan": "AptioV_5.040",
              "status": "affected",
              "version": "AptioV_5.0",
              "versionType": "Custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Maxim Suhanov"
        }
      ],
      "datePublic": "2025-10-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this vulnerability may lead to arbitrary code execution."
            }
          ],
          "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this vulnerability may lead to arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T14:00:50.483Z",
        "orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
        "shortName": "AMI"
      },
      "references": [
        {
          "url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025008.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "FixupArray Pointer Validation in NTFS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
    "assignerShortName": "AMI",
    "cveId": "CVE-2025-22833",
    "datePublished": "2025-10-14T14:00:50.483Z",
    "dateReserved": "2025-01-08T01:06:44.338Z",
    "dateUpdated": "2025-10-14T18:51:56.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0033 (GCVE-0-2025-0033)

Vulnerability from cvelistv5 – Published: 2025-10-14 14:49 – Updated: 2025-10-14 19:10

Summary

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.

Severity ?

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-284 - Improper Access Control

Assigner

AMD

References

URL

Tags

https://www.amd.com/en/resources/product-security…

Impacted products

Vendor

Product

Version

AMD

AMD EPYC™ 7003 Series Processors (formerly codenamed "Milan")

Unaffected: MilanPI 1.0.0.H

AMD

AMD EPYC™ 9005 Series Processors (formerly codenamed "Turin")

Unaffected: TurinPI 1.0.0.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T19:10:24.848583Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T19:10:33.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series Processors (formerly codenamed \"Milan\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "MilanPI 1.0.0.H"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9005 Series Processors (formerly codenamed \"Turin\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "TurinPI 1.0.0.6"
            }
          ]
        }
      ],
      "datePublic": "2025-10-14T14:19:46.844Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.\u003cbr\u003e"
            }
          ],
          "value": "Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284  Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T14:49:03.633Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3020.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2025-0033",
    "datePublished": "2025-10-14T14:49:03.633Z",
    "dateReserved": "2024-11-21T16:17:59.196Z",
    "dateUpdated": "2025-10-14T19:10:33.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22831 (GCVE-0-2025-22831)

Vulnerability from cvelistv5 – Published: 2025-10-14 14:00 – Updated: 2025-10-14 18:51

Title

Buffer Overflow in NTFS when parsing the VOLUME_NAME

Summary

Severity ?

5.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-787 - Out-of-bounds Write

Assigner

AMI

References

URL

Tags

https://go.ami.com/hubfs/Security%20Advisories/20…

Impacted products

	Vendor	Product	Version
	AMI	AptioV	Affected: AptioV_5.0 , < AptioV_5.040 (Custom)

Credits

Maxim Suhanov

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22831",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T18:51:00.525277Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T18:51:10.280Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AptioV",
          "vendor": "AMI",
          "versions": [
            {
              "lessThan": "AptioV_5.040",
              "status": "affected",
              "version": "AptioV_5.0",
              "versionType": "Custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Maxim Suhanov"
        }
      ],
      "datePublic": "2025-10-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability.\u003cbr\u003e"
            }
          ],
          "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T14:00:34.748Z",
        "orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
        "shortName": "AMI"
      },
      "references": [
        {
          "url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025008.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Buffer Overflow in NTFS when parsing the VOLUME_NAME",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
    "assignerShortName": "AMI",
    "cveId": "CVE-2025-22831",
    "datePublished": "2025-10-14T14:00:34.748Z",
    "dateReserved": "2025-01-08T01:06:44.338Z",
    "dateUpdated": "2025-10-14T18:51:10.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-33044 (GCVE-0-2025-33044)

Vulnerability from cvelistv5 – Published: 2025-10-14 14:00 – Updated: 2025-10-14 18:52

Title

exFat Memory Corruption Issue

Summary

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability.

Severity ?

5.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

AMI

References

URL

Tags

https://go.ami.com/hubfs/Security%20Advisories/20…

Impacted products

	Vendor	Product	Version
	AMI	AptioV	Affected: AptioV_5.0 , < AptioV_5.040 (Custom)

Credits

Maxim Suhanov

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33044",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T18:52:26.811607Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T18:52:35.278Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AptioV",
          "vendor": "AMI",
          "versions": [
            {
              "lessThan": "AptioV_5.040",
              "status": "affected",
              "version": "AptioV_5.0",
              "versionType": "Custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Maxim Suhanov"
        }
      ],
      "datePublic": "2025-10-14T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability."
            }
          ],
          "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T14:00:58.404Z",
        "orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
        "shortName": "AMI"
      },
      "references": [
        {
          "url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025008.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "exFat Memory Corruption Issue",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6",
    "assignerShortName": "AMI",
    "cveId": "CVE-2025-33044",
    "datePublished": "2025-10-14T14:00:58.404Z",
    "dateReserved": "2025-04-15T16:15:34.583Z",
    "dateUpdated": "2025-10-14T18:52:35.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2299

CVE-2025-22832 (GCVE-0-2025-22832)

CVE-2025-27054 (GCVE-0-2025-27054)

CVE-2025-22833 (GCVE-0-2025-22833)

CVE-2025-0033 (GCVE-0-2025-0033)

CVE-2025-22831 (GCVE-0-2025-22831)

CVE-2025-33044 (GCVE-0-2025-33044)

Tags

Sightings

Nomenclature