Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for Notebook System Firmware by Clevo

    CVE-2025-11577 (GCVE-0-2025-11577)

    Vulnerability from nvd – Published: 2025-10-14 15:34 – Updated: 2025-10-15 13:17
    VLAI
    Title
    Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain
    Summary
    Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process.
    Severity
    7.6 (High)
    CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Clevo Notebook System Firmware Affected: 1.07.07TRO1
    		Create a notification for this product.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.6,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11577",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T13:17:29.919651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T13:17:44.736Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Notebook System Firmware",
          "vendor": "Clevo",
          "versions": [
            {
              "status": "affected",
              "version": "1.07.07TRO1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Clevo\u2019s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-321 Use of Hard\u2011coded Cryptographic Key",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T15:34:09.651Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.binarly.io/advisories/brly-2025-002"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/538470"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain",
      "x_generator": {
        "engine": "VINCE 3.0.26",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-11577"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2025-11577",
    "datePublished": "2025-10-14T15:34:09.651Z",
    "dateReserved": "2025-10-10T02:08:14.733Z",
    "dateUpdated": "2025-10-15T13:17:44.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

    CVE-2025-11577 (GCVE-0-2025-11577)

    Vulnerability from cvelistv5 – Published: 2025-10-14 15:34 – Updated: 2025-10-15 13:17
    VLAI
    Title
    Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain
    Summary
    Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process.
    Severity
    7.6 (High)
    CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Clevo Notebook System Firmware Affected: 1.07.07TRO1
    		Create a notification for this product.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.6,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11577",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T13:17:29.919651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T13:17:44.736Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Notebook System Firmware",
          "vendor": "Clevo",
          "versions": [
            {
              "status": "affected",
              "version": "1.07.07TRO1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Clevo\u2019s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining the integrity of the early boot process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-321 Use of Hard\u2011coded Cryptographic Key",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T15:34:09.651Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.binarly.io/advisories/brly-2025-002"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/538470"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain",
      "x_generator": {
        "engine": "VINCE 3.0.26",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2025-11577"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2025-11577",
    "datePublished": "2025-10-14T15:34:09.651Z",
    "dateReserved": "2025-10-10T02:08:14.733Z",
    "dateUpdated": "2025-10-15T13:17:44.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}