CVE-2025-3770
Publication date 7 August 2025
Last updated 26 November 2025
Ubuntu priority
CVSS 3 Severity Score
Description
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| edk2 | 25.10 questing | Fixed 2025.02-8ubuntu3 |
| edk2 | 25.04 plucky | Fixed 2025.02-3ubuntu2.2 |
| edk2 | 24.04 LTS noble | Fixed 2024.02-2ubuntu0.6 |
| edk2 | 22.04 LTS jammy | Fixed 2022.02-3ubuntu0.22.04.4 |
| edk2 | 20.04 LTS focal | Needs evaluation |
| edk2 | 18.04 LTS bionic | Needs evaluation |
| edk2 | 16.04 LTS xenial | Needs evaluation |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | |
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-7894-1: EDK II vulnerabilities (26 November 2025)