Firmware security research company Binarly has discovered four new vulnerabilities affecting the UEFI (Unified Extensible Firmware Interface) on multiple Gigabyte motherboards. The vulnerabilities with CVE identifiers CVE-2025-7029, CVE-2025-7028, CVE-2025-7027, and CVE-2025-7026 were shared with Carnegie Mellon University’s CERT Coordination Center (CERT/CC) for further analysis.
The cause of concern is said to lie within the System Management Mode (SMM), a high-privilege operating mode on x86 processors meant for low-level system management tasks. SMM grants UEFI access to the system hardware, where all the code is executed in a secure memory area called System Management RAM (SMRAM). This memory can only be accessed using Special System Management Interrupt (SMI) handlers, which rely on specific communication buffers to process data. However, in case these handlers do not validate the data, it can potentially allow an attacker to execute arbitrary code before the operating system is loaded.
CVE Identifier | Description | CVSS score | Severity |
|---|---|---|---|
CVE-2025-7029 | Unchecked RBX register enables arbitrary SMRAM writes via OcHeader/OcData pointers | 8.2 | High |
CVE-2025-7028 | Unvalidated function pointers allow attacker control over flash operations | 8.2 | High |
CVE-2025-7027 | Double pointer dereference enables arbitrary SMRAM writes | 8.2 | High |
CVE-2025-7026 | Unchecked RBX register allows arbitrary SMRAM writes in CommandRcx0 | 8.2 | High |
As per CERT’s report, an attacker with administrative access could use these flaws to execute arbitrary code in SMM and bypass key UEFI protections, including Secure Boot. The attacker can also install "stealthy firmware implants" and take long-term control of the system. These attacks can be triggered from inside the OS or during early boot, sleep, or recovery states. Since SMM operates below the OS kernel, it can be hard to spot or disable the vulnerability using traditional security tools.
Gigabyte is already rolling out firmware updates for many of the affected models. As per the latest security advisory, the company has shared a list of impacted products and corresponding BIOS versions, which includes a large number of Gigabyte motherboard models across the Intel 100, 200, 300, 400 and 500 series platforms.
Binarly has confirmed to Bleeping Computers that over a hundred product lines are potentially at risk, including various revisions and region-specific models. Users are encouraged to visit Gigabyte’s official support page to identify their motherboard model and download the latest BIOS/UEFI firmware. The update can be installed via Gigabyte’s BIOS or using the Q-Flash utility. It is also critical to double-check the BIOS settings after updating to the latest firmware to ensure Secure Boot is enabled. While there’s currently no evidence whether these vulnerabilities have been exploited in the wild, the discovery throws light on the growing threat of firmware-level attacks.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
