Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2025004

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

3.5

2025-08-12

Summary

[EDK2] Remote Memory Exposure in iSCSI DXE

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L

CVE-2025-2295

Description: A malicious iSCSI target can cause a remote BIOS to reveal its memory contents with a specially crafted R2T message.

Solution Information

kernel 5.2, Version 05.2A.17
kernel 5.3, Version 05.39.17
kernel 5.4, Version 05.47.17
kernel 5.5, Version 05.55.17
kernel 5.6, Version 05.62.17
kernel 5.7, Version 05.71.17

Acknowledgements

Revision History

Revision #

Date

Description

2025-08-12

Initial Release

< Back to Security Pledge