Vulnerability in Clevo Notebook System Firmware
CVE-2025-11577
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmwar…
EPSS: 0.002 (15.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Clevo Notebook System Firmware — versions 1.07.07TRO1
References
Frequently asked questions
- What is CVE-2025-11577?
- CVE-2025-11577 is a high-severity vulnerability in Clevo Notebook System Firmware, classified under CWE-321 USE OF HARD‑CODED CRYPTOGRAPHIC KEY. CVSS score: 7.6/10. Published 2025-10-14.
- How severe is CVE-2025-11577?
- High severity. CVSS v3 base score is 7.6 out of 10.