Gigabyte Firmware Flaws Enable Backdoors and Security Bypass

Security researchers have identified vulnerabilities in several Gigabyte firmware versions that could let attackers bypass UEFI security features and gain control of affected systems. 

The vulnerabilities were found in the System Management Mode (SMM), a highly privileged processor mode that manages low-level system functions and allows UEFI to communicate directly with hardware. 

SMM runs in protected memory and can only be accessed through System Management Interrupt (SMI) handlers, which use specific buffers to process information. 

However, if these buffers are not properly validated, attackers may be able to run code before the operating system starts. Carnegie Mellon University’s CERT Coordination Center (CERT/CC) warns that Gigabyte’s UEFI modules make systems vulnerable to such exploits. 
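The buffer validation described above, as an added C example that is not from the article, CERT/CC, Binarly or any vendor's firmware: a handler snapshots the caller-supplied pointer and length, then rejects any range that is empty, wraps around, or overlaps SMRAM. The SMRAM range, address limit, struct layout and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical SMRAM window for this example (constructed values). */
typedef struct { uint64_t base; uint64_t size; } smram_range_t;

static const smram_range_t SMRAM_RANGES[] = {
    { 0x7F000000ULL, 0x00800000ULL },  /* constructed: 8 MiB SMRAM region */
};
#define MAX_PHYS_ADDR 0x0000FFFFFFFFFFFFULL  /* assumed 48-bit physical space */

/* True only if [addr, addr+len) is non-empty, does not wrap, stays within the
 * physical address limit, and does not overlap any SMRAM range. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > MAX_PHYS_ADDR || len > MAX_PHYS_ADDR - addr + 1)
        return false;
    uint64_t end = addr + len;  /* exclusive; cannot wrap after the check above */
    for (size_t i = 0; i < sizeof SMRAM_RANGES / sizeof SMRAM_RANGES[0]; i++) {
        uint64_t s = SMRAM_RANGES[i].base;
        uint64_t e = s + SMRAM_RANGES[i].size;
        if (addr < e && end > s)
            return false;  /* range overlaps SMRAM */
    }
    return true;
}

/* Hypothetical communication buffer layout handed to an SMI handler. */
typedef struct { uint64_t data_ptr; uint64_t data_len; } comm_buffer_t;

typedef enum { SMI_OK = 0, SMI_INVALID_PARAMETER = 1 } smi_status_t;

/* Handler skeleton: copy the untrusted fields once, then validate before use. */
smi_status_t smi_handler(const volatile comm_buffer_t *untrusted)
{
    /* Snapshot so the OS cannot change the values between check and use. */
    uint64_t ptr = untrusted->data_ptr;
    uint64_t len = untrusted->data_len;
    if (!buffer_outside_smram(ptr, len))
        return SMI_INVALID_PARAMETER;
    /* Validated: a real handler would now operate on [ptr, ptr+len). */
    return SMI_OK;
}
```
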

CERT/CC explains that attackers could use these flaws to increase their privileges and run arbitrary code within the SMM environment of a UEFI-enabled processor. 

The issues were first found in firmware from AMI, which addressed them through private disclosures. More recently, the same flaws were found in Gigabyte firmware, affecting dozens of products.

The vulnerabilities are identified as CVE-2025-7026, CVE-2025-7027, CVE-2025-7028, and CVE-2025-7029. These bugs can let attackers write to specific memory areas, insert arbitrary content into System Management RAM (SMRAM), and interfere with critical flash memory operations. 

According to CERT/CC, an attacker with either local or remote admin access could exploit the flaws to run code in System Management Mode, which operates beneath the OS. This would allow them to disable protections like Secure Boot and install persistent firmware implants that would go undetected by standard endpoint security tools. 

Binarly, the security firm that discovered and reported the issues, warns that such implants could survive even after reinstalling the operating system. The implants could also potentially bypass memory isolation features used by hypervisors.

Gigabyte reportedly acknowledged the vulnerabilities a month ago. CERT/CC says the company has released firmware updates to address the flaws. Users are advised to visit Gigabyte’s security page regularly for update details and installation instructions. 

 
