- Binarly spotted several flaws in the UEFI firmware built by AMI
- AMI released the fixes months ago, so users should update now
- Many Gigabyte motherboards have reached EOL and will therefore not be patched
The UEFI firmware on dozens of Gigabyte motherboards is vulnerable to a handful of flaws that theoretically allow threat actors to deploy bootkits on compromised devices, establish stubborn persistence, and execute additional malicious code, experts have warned.
Security researchers recently discovered four vulnerabilities in UEFI firmware developed by American Megatrends Inc. (AMI). All four have a high severity score (8.2/10) and can lead to privilege escalation, malware installation, and other potentially destructive outcomes. They are tracked as CVE-2025-7026, CVE-2025-7027, CVE-2025-7028 and CVE-2025-7028.
Binarly reported its findings to Carnegie Mellon CERT/CC in mid-April 2025, which allowed AMI to acknowledge the findings and release a patch in mid-June. The patch was shared with OEMs privately, but apparently Gigabyte did not implement it at the time.
Hundreds of affected motherboard models
Apparently, more than 240 motherboard models are affected by these flaws.
Many will not be patched at all because they have reached end of life and, as such, are no longer supported by Gigabyte. Instead, users concerned about the vulnerabilities should upgrade their hardware to newer, supported versions.
Products from other OEMs are reportedly also affected by these flaws, but their names will not be made public until a fix is applied.
UEFI firmware is low-level code that runs beneath the operating system. Its job is to initialize the hardware (CPU, memory, storage) and then hand control to the operating system. When this code has flaws, threat actors can exploit them to install so-called “bootkits”, stealthy malware that takes control at boot time, before the operating system.
Because they run in privileged environments, bootkits can evade antivirus tools, and even survive operating system reinstallations and disk replacements. This makes them very persistent and dangerous, especially in high-security environments. The good news is that exploiting these vulnerabilities often requires administrative access, which is not so easily obtained.
Via BleepingComputer