
June 10, 2025 By Lawrence Abrams

 


Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware.

The flaw affects nearly every system that trusts Microsoft's "UEFI CA 2011" certificate, which is pretty much all hardware that supports Secure Boot.

Binarly researcher Alex Matrosov discovered the CVE-2025-3052 flaw after finding a BIOS-flashing utility signed with Microsoft's UEFI signing certificate.

The utility was originally designed for rugged tablets, but because it was signed with Microsoft's UEFI certificate, it can run on any Secure Boot-enabled system.

Further investigation found that the vulnerable module had been circulating in the wild since at least late 2022 and was later uploaded to VirusTotal in 2024, where Binarly spotted it.

Binarly disclosed the flaw to CERT/CC on February 26, 2025, with CVE-2025-3052 being mitigated today as part of the Microsoft June 2025 Patch Tuesday.

 
