CVE-2025-2296: Un-verified kernel bypass Secure Boot mechanism in direct boot mode

Overview

Severity

High (CVSS 8.2)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U

Exploit Status

Not Exploited

Patch Tuesday

2025-Dec

Released

2025-12-17

Last Updated

2026-01-08

EPSS Score

0.23% (percentile: 46.3%)

Affected Products (5)

Other

• 20577-17084
• 20727-17084
• 20377-17086
• 20378-17086

Open Source Software

• cbl2 qemu 6.2.0-26 on CBL Mariner 2.0

Revision History

• 2025-12-17: Information published.
• 2025-12-23: Information published.
• 2026-01-08: Information published.