- Multiple defects found in the UEFI firmware built by AMI
- AMI released fixes months ago, so users should update now
- Many Gigabyte motherboards have reached EOL and, therefore, will not be patched
The UEFI firmware in dozens of Gigabyte motherboards is vulnerable to a handful of flaws that theoretically allow threat actors to deploy bootkits on compromised devices, establish stubborn persistence and execute additional malicious code remotely, experts have warned.
Binarly security researchers recently discovered four vulnerabilities in the UEFI firmware developed by American Megatrends Inc. (AMI). All four have a high severity score (8.2/10) and can lead to privilege escalation, malware installation and other potentially destructive outcomes. They are tracked as CVE-2025-7026, CVE-2025-7027, CVE-2025-7028 and CVE-2025-7028.
Binarly reported its findings to Carnegie Mellon CERT/CC in mid-April 2025, which resulted in AMI acknowledging the findings and releasing a patch in mid-June. The patch was pushed to OEMs privately, but apparently Gigabyte did not implement it at that time.
Hundreds of affected motherboard models
Apparently, there are more than 240 motherboard models affected by these defects.
Many will not be patched at all because they have reached end of life and, as such, are no longer supported by Gigabyte. Users concerned about the vulnerabilities should instead upgrade their hardware to newer, supported versions.
Products from other OEMs are also said to be affected by these defects, but their names will not be published until a patch is applied.
UEFI firmware is low-level code that runs below the operating system, and whose job is to initialize the hardware (CPU, memory, storage) and then hand over control to the operating system. When this code has flaws, threat actors can exploit them to install so-called “bootkits”, stealthy malware that is loaded at boot time, before the operating system.
Because they run in privileged environments, bootkits can evade antivirus tools and even survive operating system reinstallations and disk replacements. This makes them very persistent and dangerous, especially in high-security environments. The good news is that exploiting these vulnerabilities often requires administrator access, which is not so easy to obtain.
Via BleepingComputer