Researchers at Binarly have identified a new vulnerability in a set of Microsoft-signed UEFI applications. The applications, Dtbios and BiosFlashShell, are published by DT Research. They contain a vulnerability that allows Secure Boot to be bypassed using a specially crafted NVRAM variable. The vulnerability involves unsafe handling of specific UEFI variables, which could be leveraged to override the Secure Boot configuration on a system. This enables an attacker to run malicious bootkits before the OS is fully initialized. Once deployed, these vulnerable applications could be used by malicious components to compromise the integrity of the OS, gain elevated privileges, or facilitate further attacks, undermining system security and potentially evading detection by traditional security mechanisms.
Because the vulnerable applications are signed by the Microsoft third-party UEFI Certificate Authority, CVE-2025-3052 can be exploited on any UEFI system that uses Microsoft’s UEFI Secure Boot authority.
While firmware products from Phoenix Technologies are not vulnerable themselves, every UEFI system will need to apply Microsoft UEFI DBX updates to mitigate this issue. These DBX updates cause UEFI Secure Boot to block the vulnerable drivers from running.
Microsoft has released mitigations through Windows Update to add approximately 14 Authenticode hashes to the UEFI Secure Boot Exclusion list (DBX). Details for update packages can be found at the Microsoft Security Response Center page for this vulnerability.
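One way to confirm that a DBX update has landed, shown as an added example (not code from Phoenix, Microsoft or Binarly): parse the `dbx` variable's EFI_SIGNATURE_LIST chain and report which expected SHA-256 Authenticode digests are still absent. The efivarfs path is the Linux location of the variable; the sample digests are constructed placeholders, and the real values must come from Microsoft's update package.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Linux efivarfs path of the dbx variable (EFI_IMAGE_SECURITY_DATABASE_GUID)
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"


def parse_dbx_sha256(data):
    """Return the set of SHA-256 digests (hex) in a chain of EFI_SIGNATURE_LISTs."""
    digests, off = set(), 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data):
            raise ValueError("bad SignatureListSize")
        body = data[off + 28 + hdr_size:off + list_size]
        if sig_size < 16 or len(body) % sig_size:
            raise ValueError("bad SignatureSize")
        if sig_type == EFI_CERT_SHA256 and sig_size == 48:
            for i in range(0, len(body), sig_size):
                # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID plus the digest
                digests.add(body[i + 16:i + 48].hex())
        off += list_size
    return digests


def read_live_dbx(path=DBX_PATH):
    """Read dbx from efivarfs, dropping the 4-byte attributes prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]


def missing_from_dbx(dbx_data, expected_hex):
    """Return the expected digests that the dbx does not yet revoke."""
    present = parse_dbx_sha256(dbx_data)
    return sorted(h.lower() for h in expected_hex if h.lower() not in present)


# Constructed sample: one SHA-256 list holding two placeholder digests
OWNER = uuid.UUID(int=0).bytes_le
H1 = hashlib.sha256(b"constructed-revoked-image-1").digest()
H2 = hashlib.sha256(b"constructed-revoked-image-2").digest()
BODY = OWNER + H1 + OWNER + H2
SAMPLE_DBX = EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(BODY), 0, 48) + BODY
```

On a live system, `missing_from_dbx(read_live_dbx(), expected)` returning an empty list means every expected digest is revoked. The digests in a DBX are Authenticode (PE image) hashes, not plain file hashes.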
Reference: CVE-2025-3052