- Binarly discovered several vulnerabilities in UEFI firmware built by AMI
- AMI released fixes months ago, so users need to update now
- Many Gigabyte motherboards have reached EOL and therefore are not patched
UEFI firmware on dozens of Gigabyte motherboards is vulnerable to a handful of flaws that theoretically allow threat actors to deploy bootkits on compromised devices, establish stubborn persistence and execute additional malicious code remotely, experts have warned.
Security researchers at Binarly recently discovered four vulnerabilities in UEFI firmware developed by American Megatrends Inc. (AMI). All four have a high severity score (8.2/10) and can lead to privilege escalation, installation of malware and other potentially destructive results. They are tracked as CVE-2025-7026, CVE-2025-7027, CVE-2025-7028 and CVE-2025-7028.
Binarly reported its findings to Carnegie Mellon CERT/CC in mid-April 2025, resulting in AMI acknowledging the findings and releasing a patch in mid-June. The patch was pushed to OEMs privately, but Gigabyte apparently did not implement it at the time.
Hundreds of affected motherboard models
There are apparently more than 240 motherboard models that are affected by these vulnerabilities.
Many are not patched at all because they have reached end of life and as such are no longer supported by Gigabyte. Instead, users who are concerned about the vulnerabilities need to upgrade their hardware to newer, supported versions.
Products from other OEMs are also said to be affected by these vulnerabilities, but until a patch is applied, their names will not be published.
UEFI firmware is low-level code that runs below the operating system and whose job is to initialize hardware (CPU, memory, storage) and then hand control to the OS. When this code has vulnerabilities, threat actors can take advantage of them to install so-called "bootkits", stealthy malware loaded at boot time, before the OS.
Because they run in privileged environments, bootkits can evade antivirus tools and even survive OS reinstalls and disk replacements. This makes them very persistent and dangerous, especially in high-security environments. The good news is that exploitation of these vulnerabilities often requires admin access, which is not so easy to get.
Via BleepingComputer



