Main Vulnerability Database SB2025101463

SB2025101463 - IGEL OS Secure Boot bypass in Microsoft Windows

Published: October 14, 2025 Updated: November 7, 2025

Security Bulletin ID SB2025101463

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper verification of cryptographic signature (CVE-ID: CVE-2025-47827)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to improper verification of cryptographic signature when mounting a SquashFS image in IGEL OS firmware. An attacker with physical access to the system can bypass Secure Boot protection feature and compromise the affected system.

Note, the vulnerability is being actively exploited in the wild against the Windows users.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2025-47827