{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-4410","assignerOrgId":"8338d8cb-57f7-4252-abc0-96fd13e98d21","state":"PUBLISHED","assignerShortName":"Insyde","dateReserved":"2025-05-07T06:45:13.610Z","datePublished":"2025-08-13T01:49:47.629Z","dateUpdated":"2025-08-14T05:53:21.108Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","platforms":["See in the Reference link"],"product":"InsydeH2O","vendor":"Insyde Software","versions":[{"status":"affected","version":"See in the Reference link","versionType":"custom"}]}],"datePublic":"2025-08-13T01:34:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability to execute arbitrary code."}],"value":"A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability to execute arbitrary code."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8338d8cb-57f7-4252-abc0-96fd13e98d21","shortName":"Insyde","dateUpdated":"2025-08-14T05:53:21.108Z"},"references":[{"url":"https://www.insyde.com/security-pledge/sa-2025005/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Intel Mobile Platforms:<br><br>PantherLake: Version 05.71.04.0012 <br>LunarLake: Version 05.62.21.0033<br>ArrowLake 
H/U: Version 05.55.17.0017<br>ArrowLake S/HX: Version 05.55.17.0028<br>MeteorLake: Version 05.55.17.0036<br>RaptorLake: Version 05.47.21.0055<br>TwinLake: Version 05.44.45.0027<br><br>Intel Server/Embedded Platforms:<br><br>Purley: Version 05.21.51.0064<br>Whitley: Version 05.42.23.0078<br>CedarIsland: Version 05.42.11.0031<br>Eagle Stream: Version 05.47.31.1049<br>Birch Stream: Version 05.62.16.0082<br>Mehlow: Version 05.23.04.0054<br>Tatlow: Version 05.42.52.0029<br>Jacobsville: (Not Affected)<br>Harrisonville: (Not Affected)<br>Idaville: Version 05.47.21.0067<br>WhiskeyLake: Version 05.23.45.0032<br>CometLake-S: Version 05.34.19.0050<br>TigerLake UP3/H: Version 05.43.12.0062<br>AlderLake: Version 05.47.21.2055<br>Gemini Lake: (Not Affected)<br>ElkhartLake: Version 05.47.21.0028<br>Alder Lake N: Version 05.47.21.0013<br>AmstonLake:  Version 05.47.21.0008<br>"}],"value":"Intel Mobile Platforms:\n\nPantherLake: Version 05.71.04.0012 \nLunarLake: Version 05.62.21.0033\nArrowLake H/U: Version 05.55.17.0017\nArrowLake S/HX: Version 05.55.17.0028\nMeteorLake: Version 05.55.17.0036\nRaptorLake: Version 05.47.21.0055\nTwinLake: Version 05.44.45.0027\n\nIntel Server/Embedded Platforms:\n\nPurley: Version 05.21.51.0064\nWhitley: Version 05.42.23.0078\nCedarIsland: Version 05.42.11.0031\nEagle Stream: Version 05.47.31.1049\nBirch Stream: Version 05.62.16.0082\nMehlow: Version 05.23.04.0054\nTatlow: Version 05.42.52.0029\nJacobsville: (Not Affected)\nHarrisonville: (Not Affected)\nIdaville: Version 05.47.21.0067\nWhiskeyLake: Version 05.23.45.0032\nCometLake-S: Version 05.34.19.0050\nTigerLake UP3/H: Version 05.43.12.0062\nAlderLake: Version 05.47.21.2055\nGemini Lake: (Not Affected)\nElkhartLake: Version 05.47.21.0028\nAlder Lake N: Version 05.47.21.0013\nAmstonLake:  Version 05.47.21.0008"}],"source":{"discovery":"EXTERNAL"},"title":"SetupUtility: A buffer overflow vulnerability leads to arbitrary code execution.","x_generator":{"engine":"Vulnogram 
0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-13T13:16:19.518373Z","id":"CVE-2025-4410","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-13T13:21:15.755Z"}}]}}