ASRock, Asus, Gigabyte, and MSI motherboards are vulnerable to early-boot DMA attacks.
December 18, 2025 By Eduard Kovacs
The CVE identifiers CVE-2025-11901, CVE-2025‑14302, CVE-2025-14303, and CVE-2025-14304 have been assigned to the vulnerability.
Motherboards from several major vendors are affected by a vulnerability that can allow a threat actor to conduct early-boot attacks.
According to an advisory published on Wednesday by Carnegie Mellon University’s CERT/CC, an attacker can exploit the vulnerability to access data in memory or influence the initial state of the system.
The security hole could allow an attacker to obtain sensitive data and conduct pre-boot code injection.
While the issue may sound critical as it undermines the integrity of the boot process and allows attacks to be conducted prior to the operating system’s defenses being loaded, exploitation requires physical access to the targeted device.
Specifically, a local attacker needs to be able to connect a malicious PCI Express (PCIe) device to a computer with a vulnerable motherboard.
ASRock, Asus, Gigabyte, and MSI have confirmed that some of their motherboards are affected. Each vendor has released its own advisory to inform customers about the vulnerability and the availability of firmware patches.