InfoSecBulletin Cybersecurity for mankind
Four vulnerabilities in Gigabyte firmware were found by Binarly researchers and reported to Carnegie Mellon University’s CERT Coordination Center.
The original firmware supplier, American Megatrends Inc. (AMI), fixed issues after being privately informed. However, some OEM firmware builds, like Gigabyte’s, did not implement the fixes initially.
Node.js Flaws Expose Windows Apps to Path Traversal & HashDoS Attacks
Broadcom fixes multiple vulnerabilities in VMware ESXi, Workstation, and Fusion
Oracle Patched 309 Vulnerabilities with 145 Remotely Exploitable Flaw
Microsoft Extends 365 Support Until 2028 with ESU Program
Meta’s $100B AI Push: Gigawatt-Size Data Centers Spark Water Crisis
4 vulns impact Gigabyte motherboards to UEFI malware bypassing Secure Boot
Wing FTP 2000+ Servers Exposed Online: Actively Exploiting
CVE-2025-7503 (CVSS 10)
Backdoor in popular IP Camera Allows Hackers Root Access
(CVE-2025-25257)
Patch Urgently! Exploits for pre-auth Fortinet FortiWeb RCE flaw released
GP launched appless ‘GP Shield’ to protect mobile for only 50 TK
In Gigabyte firmware implementations, Binarly found the following vulnerabilities, all with a high-severity score of 8.2:
CVE-2025-7029: bug in an SMI handler (OverClockSmiHandler) that can lead to SMM privilege escalation
CVE-2025-7028: bug in an SMI handler (SmiFlash) gives read/write access to the System Management RAM (SMRAM), which can lead to malware installation
CVE-2025-7027: can lead to SMM privilege escalation and modifying the firmware by writing arbitrary content to SMRAM
CVE-2025-7026: allows arbitrary writes to SMRAM and can lead to privilege escalation to SMM and persistent firmware compromise.
Bleepingcomputer reported that the four vulnerabilities affect more than 100 motherboards and that products from other vendors are also impacted.
Products from other device vendors are affected by four vulnerabilities, but their names will not be revealed until fixes are ready.
Binarly informed Carnegie Mellon CERT/CC about the vulnerabilities on April 15. Gigabyte confirmed them on June 12 and released firmware updates, according to CERT/CC.
Meanwhile, Binarly founder and CEO Alex Matrosov told BleepingComputer that Gigabyte most likely hasn’t released fixes. With many of the products already having reached end-of-life, users should not expect to receive any security updates.
“Because all these four vulnerabilities originated from AMI reference code, AMI disclosed these vulnerabilities a while ago with their silent disclosure to paid customers only under NDA, and it caused significant effects for years on the downstream vendors when they stayed vulnerable and unpatched” – Alex Matrosov
“It seems that Gigabyte has not released any fixes yet, and many of the affected devices have reached end-of-life status, meaning they will likely remain vulnerable indefinitely.”
While the risk for general consumers is admittedly low, those in critical environments can assess the specific risk with Binarly’s Risk Hunt scanner tool, which includes free detection for the four vulnerabilities.
Computers from various OEMs using Gigabyte motherboards may be vulnerable, so users are advised to monitor for firmware updates and apply them promptly.
Source: Binarly, Bleepingcomputer
