CVE-2024-5477 HIGH

CVE-2024-5477

Vendor Hp Inc.
Product Certain HP PC Products
Weakness CWE-1256
Published August 13, 2025
Last update August 13, 2025

CVSS base score

7.3/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability.

Key dates

02Disclosure timeline

August 13, 2025 CVE published
August 13, 2025 Record updated