CVE-2025-2295 - Vulnerability Details - OpenCVE

ReportizFlow

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Tianocore	Edk2

No data.

No data.

References

Link	Providers
https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00044}`	epss `{'score': 0.00142}`

Tue, 18 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 14 Mar 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.
Title		Potential iSCSI R2T PDU Vulnerability
Weaknesses		CWE-190
References		https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x
Metrics		cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: TianoCore

Published: 2025-03-14T21:35:10.484Z

Updated: 2025-03-18T16:19:50.500Z

Reserved: 2025-03-13T18:56:12.506Z

Link: CVE-2025-2295

Vulnrichment

Updated: 2025-03-17T15:58:50.188Z

NVD

Status : Received

Published: 2025-03-14T22:15:11.600

Modified: 2025-03-14T22:15:11.600

Link: CVE-2025-2295

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2295", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "state": "PUBLISHED", "assignerShortName": "TianoCore", "dateReserved": "2025-03-13T18:56:12.506Z", "datePublished": "2025-03-14T21:35:10.484Z", "dateUpdated": "2025-03-18T16:19:50.500Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "NetworkPkg", "product": "EDK2", "vendor": "TianoCore", "versions": [{"lessThanOrEqual": "edk2-stable202502", "status": "affected", "version": "0", "versionType": "Custom"}]}], "datePublic": "2025-03-14T21:33:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service."}], "value": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2025-03-14T21:35:10.484Z"}, "references": [{"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x"}], "source": {"discovery": "UNKNOWN"}, "title": "Potential iSCSI R2T PDU Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-17T15:58:41.859962Z", "id": "CVE-2025-2295", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T16:19:50.500Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2295", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-17T15:58:41.859962Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-17T15:58:50.188Z"}}], "cna": {"title": "Potential iSCSI R2T PDU Vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TianoCore", "product": "EDK2", "versions": [{"status": "affected", "version": "0", "versionType": "Custom", "lessThanOrEqual": "edk2-stable202502"}], "packageName": "NetworkPkg", "defaultStatus": "unaffected"}], "datePublic": "2025-03-14T21:33:00.000Z", "references": [{"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.", "supportingMedia": [{"type": "text/html", "value": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2025-03-14T21:35:10.484Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2295", "state": "PUBLISHED", "dateUpdated": "2025-03-18T16:19:50.500Z", "dateReserved": "2025-03-13T18:56:12.506Z", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "datePublished": "2025-03-14T21:35:10.484Z", "assignerShortName": "TianoCore"}, "dataVersion": "5.1"}