CVE-2025-10451 HIGH

CVE-2025-10451: H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)

Vendor Insyde Software
Product InsydeH2O
Weakness CWE-787
Published December 12, 2025
Last update December 12, 2025

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.

Key dates

02Disclosure timeline

December 12, 2025 CVE published
December 12, 2025 Record updated