Improper input validation in Tianocore Edk2

CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary comma…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.007 (48.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References