{
  "document": {
    "acknowledgments": [
      {
        "urls": [
          "https://kb.cert.org/vuls/id/538470#acknowledgements"
        ]
      }
    ],
    "category": "CERT/CC Vulnerability Note",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "### Overview\r\nClevo’s UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo’s Boot Guard trust chain, potentially compromising the pre-boot UEFI environment on systems where Clevo’s implementation has been adopted.\r\n\r\n### Description\r\nIntel Boot Guard is a platform integrity technology, providing a root of trust that protects the earliest stages of the boot process. It cryptographically verifies the Initial Boot Block (IBB) and prevents the execution of untrusted firmware. Operating before UEFI is initialized, Boot Guard ensures that only authenticated firmware is executed during the earliest pre-boot stage. Boot Guard is often confused with UEFI Secure Boot, but Secure Boot operates later in the process, enforcing trust within the UEFI firmware execution phase and during the transition from UEFI to the operating system.\r\n\r\nClevo Co. is a computer hardware and firmware manufacturer that operates as both an Original Design Manufacturer (ODM) and an Original Equipment Manufacturer (OEM), producing laptops and UEFI firmware used by various personal computer brands. One of Clevo’s publicly released UEFI software executables included private keys integral to its Boot Guard trust chain. Because Clevo’s firmware is integrated into products from other manufacturers, the exposure may have supply chain implications extending beyond Clevo-branded systems.\r\n\r\n### Impact\r\nAn attacker with write access to a system's flash storage, whether through physical access or a privileged software update mechanism, could abuse the leaked keys to sign and install malicious firmware. Such firmware would be trusted at the early boot stages that Boot Guard is meant to protect, allowing compromise of affected UEFI systems and enabling persistent, stealthy control over the device.\r\n\r\n### Solution\r\nWhile Clevo has reportedly removed the affected software containing the leaked keys, no public remediation steps have been announced by Clevo at this time.\r\nUsers of Clevo-based devices, including those from other OEMs that integrate Clevo firmware, should:\r\n* Assess their exposure to affected firmware versions.\r\n* Monitor systems for unauthorized firmware modifications.\r\n* Apply firmware updates only from verified and trusted sources.\r\n\r\n### Acknowledgements\r\nThis issue was responsibly disclosed by the Binarly Research Team, with initial reporting by Thierry Laurion. This document was written by Vijay Sarvepalli.",
        "title": "Summary"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK.",
        "title": "Legal Disclaimer"
      },
      {
        "category": "other",
        "text": "CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL, if provided by the vendor, for more details.",
        "title": "Limitations of Advisory"
      },
      {
        "category": "other",
        "text": "Not affected - AMI products do not contain these leaked keys",
        "title": "Vendor statement from American Megatrends Incorporated (AMI)"
      },
      {
        "category": "other",
        "text": "Google Chrome OS systems do not use this BIOS\r\nGoogle Cloud Infra does not use this BIOS",
        "title": "Vendor statement from Google"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: cert@cert.org, Phone: +1412 268 5800",
      "issuing_authority": "CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/",
      "name": "CERT/CC",
      "namespace": "https://kb.cert.org/"
    },
    "references": [
      {
        "url": "https://certcc.github.io/certcc_disclosure_policy",
        "summary": "CERT/CC vulnerability disclosure policy"
      },
      {
        "summary": "CERT/CC document released",
        "category": "self",
        "url": "https://kb.cert.org/vuls/id/538470"
      },
      {
        "url": "https://www.binarly.io/advisories/brly-2025-002",
        "summary": "https://www.binarly.io/advisories/brly-2025-002"
      },
      {
        "url": "https://hardenedlinux.org/blog/2023-09-07-boot-unguarded-x86-trust-anchor-downfalls-to-the-leaked-oem-internal-tools-and-signing-keys",
        "summary": "https://hardenedlinux.org/blog/2023-09-07-boot-unguarded-x86-trust-anchor-downfalls-to-the-leaked-oem-internal-tools-and-signing-keys"
      },
      {
        "url": "https://tianocore-docs.github.io/EDK_II_Secure_Coding_Guide/draft/secure_coding_guidelines_intel_platforms/intel_boot_guard.html",
        "summary": "https://tianocore-docs.github.io/EDK_II_Secure_Coding_Guide/draft/secure_coding_guidelines_intel_platforms/intel_boot_guard.html"
      },
      {
        "url": "https://www.binarly.io/blog/clevo-boot-guard-keys-leaked-in-update-package",
        "summary": "https://www.binarly.io/blog/clevo-boot-guard-keys-leaked-in-update-package"
      }
    ],
    "title": "Clevo UEFI firmware embedded Boot Guard keys compromising Clevo's implementation of Boot Guard",
    "tracking": {
      "current_release_date": "2025-10-16T14:16:21+00:00",
      "generator": {
        "engine": {
          "name": "VINCE",
          "version": "3.0.35"
        }
      },
      "id": "VU#538470",
      "initial_release_date": "2025-10-13 15:32:08.896707+00:00",
      "revision_history": [
        {
          "date": "2025-10-16T14:16:21+00:00",
          "number": "1.20251016141621.4",
          "summary": "Released on 2025-10-16T14:16:21+00:00"
        }
      ],
      "status": "final",
      "version": "1.20251016141621.4"
    }
  },
  "vulnerabilities": [
    {
      "title": "Clevo’s UEFI firmware update packages, including B10717.",
      "notes": [
        {
          "category": "summary",
          "text": "Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process."
        }
      ],
      "cve": "CVE-2025-11577",
      "ids": [
        {
          "system_name": "CERT/CC V Identifier",
          "text": "VU#538470"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-f9816320-34a2-11f1-8422-122e2785dc9f",
          "CSAFPID-f981b4b0-34a2-11f1-8422-122e2785dc9f",
          "CSAFPID-f981ee58-34a2-11f1-8422-122e2785dc9f",
          "CSAFPID-f9822dc8-34a2-11f1-8422-122e2785dc9f",
          "CSAFPID-f9828ce6-34a2-11f1-8422-122e2785dc9f",
          "CSAFPID-f982c058-34a2-11f1-8422-122e2785dc9f",
          "CSAFPID-f982eaec-34a2-11f1-8422-122e2785dc9f"
        ]
      }
    }
  ],
  "product_tree": {
    "branches": [
      {
        "category": "vendor",
        "name": "American Megatrends Incorporated (AMI)",
        "product": {
          "name": "American Megatrends Incorporated (AMI) Products",
          "product_id": "CSAFPID-f9816320-34a2-11f1-8422-122e2785dc9f"
        }
      },
      {
        "category": "vendor",
        "name": "ASUSTeK Computer Inc.",
        "product": {
          "name": "ASUSTeK Computer Inc. Products",
          "product_id": "CSAFPID-f981b4b0-34a2-11f1-8422-122e2785dc9f"
        }
      },
      {
        "category": "vendor",
        "name": "Insyde Software Corporation",
        "product": {
          "name": "Insyde Software Corporation Products",
          "product_id": "CSAFPID-f981ee58-34a2-11f1-8422-122e2785dc9f"
        }
      },
      {
        "category": "vendor",
        "name": "Intel",
        "product": {
          "name": "Intel Products",
          "product_id": "CSAFPID-f9822dc8-34a2-11f1-8422-122e2785dc9f"
        }
      },
      {
        "category": "vendor",
        "name": "Phoenix Technologies",
        "product": {
          "name": "Phoenix Technologies Products",
          "product_id": "CSAFPID-f9828ce6-34a2-11f1-8422-122e2785dc9f"
        }
      },
      {
        "category": "vendor",
        "name": "Google",
        "product": {
          "name": "Google Products",
          "product_id": "CSAFPID-f982c058-34a2-11f1-8422-122e2785dc9f"
        }
      },
      {
        "category": "vendor",
        "name": "UEFI Security Response Team",
        "product": {
          "name": "UEFI Security Response Team Products",
          "product_id": "CSAFPID-f982eaec-34a2-11f1-8422-122e2785dc9f"
        }
      }
    ]
  }
}