CVE-2025-2486
- Source
- https://cve.org/CVERecord?id=CVE-2025-2486
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2486.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-2486
- Downstream
- Published
- 2025-11-26T18:15:48.357Z
- Modified
- 2026-03-12T20:10:27.590435Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.
- References
Affected packages
Git / github.com/tianocore/edk2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tianocore/edk2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "202402*" }, { "introduced": "0" }, { "last_affected": "202405" } ] }
Affected versions
Other
edk2-stable201808
edk2-stable201811
edk2-stable201903
edk2-stable201905
edk2-stable201908
edk2-stable201911
edk2-stable202002
edk2-stable202005
edk2-stable202008
edk2-stable202011
edk2-stable202102
edk2-stable202105
edk2-stable202108
edk2-stable202108-rc0
edk2-stable202108-rc1
edk2-stable202111
edk2-stable202111-rc1
edk2-stable202202
edk2-stable202202-rc1
edk2-stable202205
edk2-stable202205-rc1
edk2-stable202208
edk2-stable202211
edk2-stable202302
edk2-stable202305
edk2-stable202308
edk2-stable202311
edk2-stable202402