Vulnerability in Clevo Notebook System Firmware

CVE-2025-11577

Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmwar…

EPSS: 0.002 (15.8th percentile).

CVSS v3 metric

CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2025-11577?
CVE-2025-11577 is a high-severity vulnerability in Clevo Notebook System Firmware, classified under CWE-321 (Use of Hard-coded Cryptographic Key). CVSS v3 base score: 7.6/10. Published 2025-10-14.
How severe is CVE-2025-11577?
High severity. CVSS v3 base score is 7.6 out of 10.