CVE-2025-47827

Sažetak

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

Reference

https://github.com/Zedeldi/CVE-2025-47827
https://github.com/Zedeldi/igelfs
https://github.com/Zedeldi/CVE-2025-47827
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47827

CVSS

Base:	4.6
Impact:	3.6
Exploitability:	0.9

Pristup

Vektor	Složenost	Autentikacija
PHYSICAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

05-11-2025 - 19:26

Objavljeno

05-06-2025 - 14:15