Insyde's Security Pledge
Recent Security Advisories

INSYDE-SA-2025010
Product: InsydeH2O
CVSS Score: 7.8
Original Date: 2026-01-13
Last Revised:
Summary
Buffer overflow vulnerabilities in the InsydeH2O tools.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The drivers in the tool packages use the RTL_QUERY_REGISTRY_DIRECT flag to read a registry value, and an untrusted user-mode application may be able to use that value to cause a buffer overflow.
CVE-2025-12050: H2OFFT32.sys is potentially vulnerable to a buffer overflow.
CVE-2025-12051: H2OFFT64.sys is potentially vulnerable to a buffer overflow.
CVE-2025-12052: egwindrv.sys is potentially vulnerable to a buffer overflow.
CVE-2025-12053: egwindrvx64.sys is potentially vulnerable to a buffer overflow.
CWE-787: Out-of-bounds Write
Solution Information
Please use tools with the following versions or newer.
1. H2OFFT (mobile version): 6.76.00
H2OFFT (server/embedded version): 200.02.01.00
2. H2OUVE: 200.02.01.00
3. H2OSDE: 200.02.01.00
4. H2ORTE: 200.02.01.00
5. H2OOAE: 200.02.01.00
6. H2OPCM: 200.02.01.00
7. H2OELV: 200.02.01.00
8. H2OUVE_ARM: 200.02.01.00
9. H2OSDE_ARM: 200.02.01.00
10. H2ORTE_ARM: 200.02.01.00
11. OEM tools
– HP FlashWin: 6.51.00
– HP Readback tool: 1.2.4.0
– HP FlashVerifyUtility: 6.2.5.0
– HP IsSecureBootKeyInstaller: 1.2.0.2
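A host-side check for the four driver files named in the CVE list, added here as an example and not taken from Insyde's advisory or tools: it reports every copy that is registered as a kernel service or present under the search roots, with file version, signature and hash. The search roots are assumptions, and because the advisory gives fixed versions for the tool packages rather than for the .sys files, the output shows which installed tool package to compare against the list above.

```powershell
# Added example (not Insyde code). Driver file names are taken from the advisory.
$AdvisoryDrivers = 'H2OFFT32.sys', 'H2OFFT64.sys', 'egwindrv.sys', 'egwindrvx64.sys'

function Find-AdvisoryDriver {
    param(
        # Assumed search roots; add the folders where flash/OEM tools are unpacked.
        [string[]]$SearchRoot = @("$env:SystemRoot\System32\drivers",
                                  $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )
    $hits = @{}   # full path -> service registration, if any

    # 1. Drivers registered as kernel services (running or stopped).
    foreach ($svc in Get-CimInstance -ClassName Win32_SystemDriver) {
        if (-not $svc.PathName) { continue }
        # Normalise NT-style prefixes to a Win32 path.
        $p = $svc.PathName -replace '^\\\?\?\\', ''
        $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($AdvisoryDrivers -contains (Split-Path -Path $p -Leaf)) {
            $hits[$p] = "$($svc.Name) [$($svc.State)]"
        }
    }

    # 2. Copies on disk that are not currently registered as a service.
    $roots = $SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    Get-ChildItem -Path $roots -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $AdvisoryDrivers -contains $_.Name } |
        ForEach-Object {
            if (-not $hits.ContainsKey($_.FullName)) { $hits[$_.FullName] = 'not registered' }
        }

    # 3. Report version, signer and hash so each copy can be traced to a tool package.
    foreach ($path in $hits.Keys) {
        $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $file) { continue }
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        [pscustomobject]@{
            Driver      = $file.Name
            Path        = $file.FullName
            FileVersion = $file.VersionInfo.FileVersion
            SigStatus   = $sig.Status
            Signer      = $sig.SignerCertificate.Subject
            SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Service     = $hits[$path]
        }
    }
}

Find-AdvisoryDriver | Format-List
```

Run it from an elevated 64-bit PowerShell session so that protected folders and the native System32\drivers directory are readable.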
Acknowledgements
Revision History
Revision #: 1
Date: 2026-01-13
Description: Initial Release