CVE-2025-4410 HIGH

CVE-2025-4410: SetupUtility: A buffer overflow vulnerability leads to arbitrary code execution.

Vendor Insyde Software
Product InsydeH2O
Weakness CWE-20 · Input validation
Published August 13, 2025
Last update August 14, 2025

CVSS base score

7.5/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.

Key dates

02Disclosure timeline

August 13, 2025 CVE published
August 14, 2025 Record updated