A critical vulnerability in Insyde H2O UEFI firmware (tracked as CVE-2025-XXXX) allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. This flaw exposes millions of devices to pre-boot malware and kernel-level rootkits that evade traditional security monitoring. How SecureFlashCertData Undermines Secure Boot The vulnerability centers on improper […] The post Insyde UEFI Application Vulnerability Enables Digital Certificate Injection Through NVRAM Variable appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/insyde-uefi-application-vulnerability/
