Secure Boot under threat

Two exploits are putting Secure Boot at risk, but only one has a fix

Two flaws have been found in an industry-standard PC protocol designed specifically for defence.

The Secure Boot protocol is a PC industry standard that ensures only trusted software is able to run during startup, in theory protecting UEFI-based devices during the boot process. However, its own security has been called into question with the discovery of vulnerabilities under active exploitation.

Security researchers have found two flaws in Secure Boot that allow attackers to bypass the protocol, but so far Microsoft has only issued a fix for one of them.

The first flaw is CVE-2025-3052, which could allow an attacker to skip past Secure Boot entirely. Although exploitation requires local access, it is a low-complexity and highly repeatable attack – and can be achieved remotely if the attacker already has administrative control.

The flaw affects devices from more than 50 OEMs, specifically a module they all use, created by DT Research, to flash firmware images onto UEFI motherboards to ensure they’re compatible with Linux.

Microsoft released a fix for the flaw in this month’s Patch Tuesday, revoking 14 cryptographic hashes linked to different versions of DT Research’s module.

However, the second vulnerability has not yet been addressed. This is CVE-2025-47827, which affects the igel-flash-driver module. This Linux kernel module handles IGEL’s proprietary storage management software.

Researchers warn that, again, the flaw could allow attackers to bypass Secure Boot’s defences against bootkits.

Zack Didcott, who discovered the flaw, has reported it to Microsoft, but the Windows maker has yet to acknowledge it.