Critical UEFI Flaw (CVE-2025-3052) Exposes Systems to Bootkit Attacks A newly disclosed memory corruption vulnerability in UEFI firmware, tracked as CVE-2025-3052, allows threat actors to bypass Secure Boot and deploy bootkit malware. Discovered by Binarly researchers, the flaw stems from a certificate-signed module that can be exploited by attackers with admin-level OS privileges to manipulate a user-writable NVRAM variable, enabling arbitrary data writes during the UEFI boot process. Microsoft initially believed the issue affected only a single module but later confirmed 14 vulnerable modules during triage. The company released patches on June 10, 2025, as part of its Patch Tuesday updates, adding 14 new hashes to the dbx (Secure Boot Forbidden Signature Database) to block exploitation. In a related development, cybersecurity researcher Nikolaj Schlej revealed that Insyde H2O-based UEFI firmware was also impacted by a separate Secure Boot bypass flaw (CVE-2025-4275), dubbed Hydrophobia, which the vendor has since remediated. The discovery underscores ongoing risks in UEFI firmware security, where vulnerabilities can persist across multiple implementations.