CVE-2025-21215

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Jan 14, 2025

CWE ID 125

Summary

CVE-2025-21215 is a newly disclosed vulnerability affecting Secure Boot, a critical security feature designed to ensure that a device only boots using only authorized software. Hackers can exploit this vulnerability to bypass Secure Boot and load unauthorized software, potentially leading to data theft, unauthorized access, or system compromise. The exact nature of the bypass method is not yet publicly known, but affected devices include certain models of Lenovo laptops running Windows 10. Lenovo has released a patch to address the issue, and users are strongly encouraged to apply it as soon as possible to protect their systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Microsoft Windows Server 2008

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners