2417316 – (CVE-2025-2486) CVE-2025-2486 edk2: edk2: UEFI Shell access in Secure Boot environments allows bypass of Secure Boot constraints

Bug 2417316 (CVE-2025-2486) - CVE-2025-2486 edk2: edk2: UEFI Shell access in Secure Boot environments allows bypass of Secure Boot constraints

Summary: CVE-2025-2486 edk2: edk2: UEFI Shell access in Secure Boot environments allow...

Keywords:
Status:	NEW
Alias:	CVE-2025-2486
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-26 18:01 UTC by OSIDB Bzimport
Modified:	2025-12-09 15:05 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-11-26 18:01:49 UTC

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed to be sufficient to enforce Secure Boot restrictions. This is an additional repair on top of the incomplete fix for CVE-2023-48733.

Note You need to log in before you can comment on or make changes to this bug.