{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/211341#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\n\r\nA vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. This issue arises from the unsafe use of an NVRAM variable, which is used as trusted storage for a digital certificate in the trust validation chain. An attacker can store their own certificate in this variable and subsequently run arbitrary firmware (signed by the injected certificate) during the early boot process within the UEFI environment.\r\n\r\n### Description\r\n[Unified Extensible Firmware Interface (UEFI)](https://uefi.org/) defines a modern firmware architecture that facilitates interaction between a computer’s hardware and its operating system during early boot. When a UEFI-compliant system starts, UEFI applications and drivers are executed to initialize the system and hand off control to the operating system (OS) loader. These UEFI applications must be signed and verified for execution under Secure Boot. These signatures can originate from the OEM or from entries in the system’s signature database (DB), which commonly includes the Microsoft UEFI Certificate Authority (CA).\r\n\r\nUEFI defines extensible NVRAM variables that store configuration, device customization, and runtime context shared across UEFI applications and the operating system. A vulnerability was identified in a firmware application due to the use of an untrusted NVRAM variable, `SecureFlashCertData`, to store and exchange public keys. Because this NVRAM variable is not protected (i.e., not locked), it can be updated at runtime—allowing an attacker to inject their own keys.\r\n\r\nAs described by the security researcher Nikolaj Schlej \r\n\r\n> The origin of this vulnerability is the fact that Insyde H2O authors decided to use volatile NVRAM as trusted storage for data exchange between the points of loading the signing certificates from the FW (which can happen in many places in multiple DXE drivers) and verifying the signature of platform tools and update capsules (which happens in a library implementing LoadImage/StartImage pair). Due to use of common library functions (akin LibGetVariable), there's no way for LoadImage to ensure that the NVRAM variables it consults are indeed volatile and had been previously set by the firmware itself, so hijacking them becomes a trivial \"set the very same variables as non-volatile from OS environment\", which the PoC tool performs if ran from Windows Administrator terminal. Any other means to write the same variables to non-volatile NVRAM (i.e. Linux efivars subsystem) will also work the same way.\r\n\r\nTo mitigate this vulnerability, affected UEFI modules must be updated via vendor-provided firmware updates. Firmware security analysis tools can also inspect affected variables in firmware images to assess exposure to this vulnerability. Note that UEFI variable locking, while supported in some implementations, is currently poorly documented or as it stands unavailable with reference implementations for vendors to adopt.\r\n\r\n### Impact\r\n\r\nAn attacker with the ability to modify the SecureFlashCertData NVRAM variable at runtime can use it to inject their digital certificate and bypass Secure Boot. This allows unsigned or malicious code to run before the OS loads, potentially installing persistent malware or kernel rootkits that survive reboots and OS reinstallations. Because this attack occurs before OS-level security tools initialize, it can evade detection by endpoint detection and response (EDR) systems. In some cases, it may even disable EDR systems entirely by modifying low-level interfaces before they load.\r\n\r\n### Solution\r\n\r\nDue to the supply-chain redistribution of this firmware application across multiple Original Device Manufacturers (ODMs) and Original Equipment Manufacturers (OEMs), the vulnerability may be present in multiple PC models. Please check the Vendor Information section for details.\r\n\r\n### Acknowledgements\r\n\r\nThanks to researcher Nikolaj Schlej for the responsible disclosure of this vulnerability to CERT/CC. Thanks also to Insyde and other vendors for addressing the vulnerability with appropriate actions. This document was written by Vijay Sarvepalli.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"},{"category":"other","text":"Fujitsu and Fsas Technologies are aware of the vulnerabilities present in Insyde InsydeH2O (\"Hydroph0bia\").\r\n\r\nAffected products are Fujitsu Client Computing Devices (CCD). \r\n\r\nThe Fsas Technologies PSIRT (Europe) released FTI-FCCL-2025-061011 on https://security.ts.fujitsu.com (Security Notices) accordingly; see https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-FCCL-2025-061011-Security-Notice.pdf\r\n\r\nIn case of questions regarding this Fsas Technologies PSIRT Security Notice, please contact the Fsas Technologies PSIRT (Europe) (FsasTech-PSIRT@fujitsu.com).","title":"Vendor statment from Fsas Technologies Europe"},{"category":"other","text":"We have reviewed the details and confirmed that the only system Microsoft ever shipped with Insyde H20 was the original Surface Go which has hit the end of support lifecycle in 2022 and there are no plans to use Insyde UEFI for future Surface products.","title":"Vendor statment from Microsoft"},{"category":"other","text":"AMI does not share the same implementation.","title":"Vendor statment from American Megatrends Incorporated (AMI)"},{"category":"other","text":"ChromeOS is not afffected.\r\n\r\nAdditional evaluation for other platforms are under investigation but not likely impacted.","title":"Vendor statment from Google"},{"category":"other","text":"We have verified this vulnerability, have notified our partners with patch information and a CVE has been requested. We will update with detailed version information once the CVE has been issued.","title":"Vendor statment from Insyde Software Corporation"},{"category":"other","text":"Following a review with the internal development team, it has been confirmed that the vulnerability does not affect ASUS products.","title":"Vendor statment from ASUSTeK Computer Inc."}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/211341"},{"url":"https://coderush.me/hydroph0bia-part1/","summary":"https://coderush.me/hydroph0bia-part1/"},{"url":"https://coderush.me/hydroph0bia-part2/","summary":"https://coderush.me/hydroph0bia-part2/"},{"url":"https://www.insyde.com/security-pledge/sa-2025002","summary":"https://www.insyde.com/security-pledge/sa-2025002"},{"url":"https://uefi.org/specs/UEFI/2.10/08_Services_Runtime_Services.html","summary":"https://uefi.org/specs/UEFI/2.10/08_Services_Runtime_Services.html"},{"url":"https://uefi.org/sites/default/files/resources/UEFI%20Firmware%20-%20Security%20Concerns%20and%20Best%20Practices.pdf","summary":"https://uefi.org/sites/default/files/resources/UEFI%20Firmware%20-%20Security%20Concerns%20and%20Best%20Practices.pdf"},{"url":"https://microsoft.github.io/mu/dyn/mu_basecore/MdeModulePkg/Library/VariablePolicyLib/ReadMe/","summary":"https://microsoft.github.io/mu/dyn/mu_basecore/MdeModulePkg/Library/VariablePolicyLib/ReadMe/"},{"url":"https://tianocore-docs.github.io/edk2-UefiDriverWritersGuide/draft/edk2-UefiDriverWritersGuide-draft.pdf","summary":"https://tianocore-docs.github.io/edk2-UefiDriverWritersGuide/draft/edk2-UefiDriverWritersGuide-draft.pdf"},{"url":"https://uefi.org/sites/default/files/resources/UEFI_Spec_Final_2.11.pdf","summary":"https://uefi.org/sites/default/files/resources/UEFI_Spec_Final_2.11.pdf"},{"url":"https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf","summary":"https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf"},{"url":"https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-FCCL-2025-061011-Security-Notice.pdf","summary":"Reference(s) from vendor \"Fsas Technologies Europe\""},{"url":"https://learn.microsoft.com/en-us/surface/surface-driver-firmware-lifecycle-support#legacy-products:~:text=June%2030%2C%202023-,Surface%20Go,August%202%2C%202022,-Surface%20Laptop%202","summary":"Reference(s) from vendor \"Microsoft\""}],"title":"A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable","tracking":{"current_release_date":"2025-10-20T15:41:39+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#211341","initial_release_date":"2025-06-10 14:01:49.684213+00:00","revision_history":[{"date":"2025-10-20T15:41:39+00:00","number":"1.20251020154139.6","summary":"Released on 2025-10-20T15:41:39+00:00"}],"status":"final","version":"1.20251020154139.6"}},"vulnerabilities":[{"title":"A vulnerability in Insyde H20 fails to properly distinguish between volatile RAM variables and non-volatile RAM (NVRAM) variables with the same name while checking a digital certificate allowing an attacker to override sensitive digital checks and potentially bypass UEFI SecureBoot.","notes":[{"category":"summary","text":"A vulnerability in Insyde H20 fails to properly distinguish between volatile RAM variables and non-volatile RAM (NVRAM) variables with the same name while checking a digital certificate allowing an attacker to override sensitive digital checks and potentially bypass UEFI SecureBoot. See INSYDE-SA-2025002"}],"cve":"CVE-2025-4275","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#211341"}],"product_status":{"known_affected":["CSAFPID-4e425ae0-3511-11f1-8422-122e2785dc9f","CSAFPID-4e442a32-3511-11f1-8422-122e2785dc9f"],"known_not_affected":["CSAFPID-4e42b846-3511-11f1-8422-122e2785dc9f","CSAFPID-4e4301fc-3511-11f1-8422-122e2785dc9f","CSAFPID-4e434db0-3511-11f1-8422-122e2785dc9f","CSAFPID-4e439e50-3511-11f1-8422-122e2785dc9f","CSAFPID-4e43e69e-3511-11f1-8422-122e2785dc9f","CSAFPID-4e447af0-3511-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"Fsas Technologies Europe","product":{"name":"Fsas Technologies Europe Products","product_id":"CSAFPID-4e425ae0-3511-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"American Megatrends Incorporated (AMI)","product":{"name":"American Megatrends Incorporated (AMI) Products","product_id":"CSAFPID-4e42b846-3511-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Phoenix Technologies","product":{"name":"Phoenix Technologies Products","product_id":"CSAFPID-4e4301fc-3511-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Google","product":{"name":"Google Products","product_id":"CSAFPID-4e434db0-3511-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Microsoft","product":{"name":"Microsoft Products","product_id":"CSAFPID-4e439e50-3511-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Aruba Networks","product":{"name":"Aruba Networks Products","product_id":"CSAFPID-4e43e69e-3511-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"Insyde Software Corporation","product":{"name":"Insyde Software Corporation Products","product_id":"CSAFPID-4e442a32-3511-11f1-8422-122e2785dc9f"}},{"category":"vendor","name":"ASUSTeK Computer Inc.","product":{"name":"ASUSTeK Computer Inc. Products","product_id":"CSAFPID-4e447af0-3511-11f1-8422-122e2785dc9f"}}]}}