Improper verification of cryptographic signature in IGEL OS - CVE-2025-47827
Published: October 14, 2025 / Updated: November 7, 2025
Vulnerability identifier: #VU117018
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2025-47827
CWE-ID: CWE-347
Exploitation vector: Local access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: IGEL
Affected software:
IGEL OS
IGEL OS
Detailed vulnerability description
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to improper verification of cryptographic signature when mounting a SquashFS image in IGEL OS firmware. An attacker with physical access to the system can bypass Secure Boot protection feature and compromise the affected system.
Note, the vulnerability is being actively exploited in the wild against the Windows users.
How to mitigate CVE-2025-47827
Install updates from vendor's website.