Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass


Binarly uncovers CVE-2025-3052: a Secure Boot bypass affecting most UEFI devices, enabling attackers to run unsigned code before OS load.

Issues involving NVRAM variables have been a persistent problem in the UEFI ecosystem, with Binarly alone responsibly disclosing hundreds of related vulnerabilities over the past few years. As shown in the image below, the signed application reads the content of the IhisiParamBuffer variable and directly uses it as a pointer for multiple memory write operations, without performing any validation or sanity checks on its value. One important aspect is that the PoC is transparent to the operating system: as shown at the end of the video (at minute 1:07), Secure Boot still appears to be enabled from the OS, even though it has been effectively bypassed.
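
The pattern described above, next to a hardened form, as an added example that is not code from Binarly or from the affected application. The variable store, buffer names and write span are hypothetical stand-ins; the point is that a pointer read from an NVRAM variable must be size-checked and range-checked before any write.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the NVRAM store: anyone able to set the variable
   controls these bytes. All names in this example are hypothetical. */
static uint8_t nv_data[16];
static size_t  nv_size;
static void nv_set(const void *src, size_t len) {
    nv_size = len;
    memcpy(nv_data, src, len < sizeof nv_data ? len : sizeof nv_data);
}

#define WRITE_SPAN 8                       /* bytes covered by the writes */
static uint8_t param_buffer[64];           /* only region the module owns */
static uint8_t unrelated_state[WRITE_SPAN] = {1, 1, 1, 1, 1, 1, 1, 1};

/* Pattern described above: variable content used as a pointer, no checks. */
static void write_unchecked(void) {
    uint8_t *p;
    memcpy(&p, nv_data, sizeof p);
    p[0] = 0;                              /* lands wherever the variable points */
    p[4] = 0;
}

/* Hardened: validate size and range before any write. Safer still is to
   never take a pointer from NVRAM at all. */
static int write_checked(void) {
    uintptr_t addr, lo = (uintptr_t)param_buffer;
    if (nv_size != sizeof addr) return -1;             /* malformed variable */
    memcpy(&addr, nv_data, sizeof addr);
    if (addr < lo || addr - lo > sizeof param_buffer - WRITE_SPAN)
        return -2;                                     /* outside owned buffer */
    memset((void *)addr, 0, WRITE_SPAN);
    return 0;
}

int main(void) {
    uint8_t *foreign = unrelated_state, *owned = param_buffer;
    nv_set(&foreign, sizeof foreign);
    printf("checked, foreign pointer: %d\n", write_checked());
    write_unchecked();
    printf("unrelated_state[0] after unchecked write: %d\n", unrelated_state[0]);
    nv_set(&owned, sizeof owned);
    printf("checked, owned pointer: %d\n", write_checked());
    return 0;
}
```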
