CERT/CC gave this one a CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H. I'm kinda baffled about Attack Complexity: High there. Folks, signing UEFI apps with a custom cert is as complex as "apt install sbsign", and putting that cert into NVRAM is also trivial. AC:L, maybe?

Lenovo estimates their fixes to Hidroph0bia (CVE-2025-4275) to be available no earlier than 2025-07-30 for all affected models that aren't EOL: support.lenovo.com/us/en/product_…

Hydroph0bia (CVE-2025-4275) PoC - DXE volume takeover on HUAWEI MateBook 14 2023, flashing a patched BIOS with custom boot logo. No user interaction outside of the OS required, SecureBoot and firmware password remain enabled. coderush.me/hydroph0bia-pa…, coderush.me/hydroph0bia-pa…

Dell provided their Hydroph0bia (CVE-2025-4275) security advisory, with fixes only for 4 products so far: dell.com/support/kbdoc/… Now we can check how Insyde fixed the vuln, and if we could bypass the fix to make it work again. Stay tuned for part 3 of the writeup series.

UEFITool / UEFIExtract / UEFIFind NE A72, UI updates: - Dell DVAR parser output now looks more consistent with previous NVRAM parsers - "Copy item name" action - "Expand/collapse whole section" actions - "Hash / Hash body / Hash uncompressed" actions github.com/LongSoft/UEFIT…

Published the third part of my blog series about Hydroph0bia (CVE-2025-4275) vulnerability, this one is about the fix as Insyde applied it, and my thoughts on improvements for it. coderush.me/hydroph0bia-pa…