Improper input validation in Tianocore Edk2
CVE-2025-2296
EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary comma…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.007 (48.6th percentile) — read the EPSS interpretation.
Affected products
- Tianocore Edk2 — versions 0