CVE-2025-2295

Publication date 14 March 2025

Last updated 26 November 2025

Ubuntu priority

Cvss 3 Severity Score

Description

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
edk2	25.10 questing	Not affected
	25.04 plucky	Fixed 2025.02-3ubuntu2.2
	24.10 oracular	Ignored end of life, was needs-triage
	24.04 LTS noble	Fixed 2024.02-2ubuntu0.6
	22.04 LTS jammy	Fixed 2022.02-3ubuntu0.22.04.4
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
edk2	Upstream: 17cdc51

Severity score breakdown

Parameter	Value
Base score	3.5 · Low
Attack vector	Network
Attack complexity	Low
Privileges required	High
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	Low
Availability impact	Low
Vector	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L

References

Related Ubuntu Security Notices (USN)

USN-7894-1
EDK II vulnerabilities
26 November 2025