#VU117018 Improper verification of cryptographic signature in IGEL OS - CVE-2025-47827

 


Published: October 14, 2025 / Updated: November 7, 2025


Vulnerability identifier: #VU117018
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2025-47827
CWE-ID: CWE-347
Exploitation vector: Local access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
IGEL OS
Software vendor:
IGEL

Description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to improper verification of a cryptographic signature when mounting a SquashFS image in IGEL OS firmware. An attacker with physical access to the system can bypass the Secure Boot protection feature and compromise the affected system.

Note: the vulnerability is being actively exploited in the wild against Windows users.


Remediation

Install updates from the vendor's website.
