CERT: Major security vulnerability in motherboards

What is it about?

Gigabyte, a manufacturer of computer motherboards, has vulnerabilities in some of its UEFI firmware versions (i.e., the software that runs when the computer starts up). These vulnerabilities affect a particularly sensitive area called SMM (System Management Mode), which is much deeper than the operating system.

What’s the issue?

In this SMM mode, there are program parts (known as “callouts”) that do not check inputs correctly. An attacker with administrator access to the operating system could exploit this to execute their own commands in the extremely protected SMM area – even before the operating system has fully started up.

What are the risks?

Uncontrolled firmware manipulation – An attacker can modify parts of the firmware.
Deactivation of security mechanisms – Features such as Secure Boot could be disabled, allowing other malware to remain permanently installed.
Difficult to detect – Since SMM operates below the operating system, virus scanners and firewalls usually do not detect such attacks.

What specific vulnerabilities were found?

Four vulnerabilities were discovered in Gigabyte UEFI that allow attacks via faulty pointer control (e.g., through registers such as RBX, RCX):

CVE‑2025‑7029: Uncontrolled pointers for power and thermal configuration
CVE‑2025‑7028: Incorrect verification of function pointers for accessing flash memory
CVE‑2025‑7027: Double pointer dereference in NVRAM variables
CVE‑2025‑7026: further uncontrolled writing to protected memory

What can you do?

Install the firmware update!
Gigabyte has released updated UEFI versions that close these security gaps. Users should check the Gigabyte support page to see if their device is affected and install the update.
Caution for other manufacturers!
Other manufacturers that use AMI firmware may also be affected. It is advisable to check for updates regularly.

Abstract:

Who? Gigabyte motherboards with specific UEFI firmware.
What? Serious security vulnerabilities in the SMM area, which lies deep beneath the operating system.
Why is it dangerous? It enables persistent malicious code, bypasses security features, and is difficult to detect.
Solution: Install urgently available firmware updates.

If you use motherboards from Gigabyte (or other manufacturers) and UEFI updates are available, you should install them as soon as possible—this will protect you from sophisticated attacks.

Sources: https://www.heise.de/news/CERT-warnt-vor-UEFI-Sicherheitsluecken-in-Gigabyte-Firmware-10485906.html, https://kb.cert.org/vuls/id/746790

Apple | Hacker | Hardware

Security vulnerability discovered in iPhone USB-C port
ByRichard Knausenberger 14/10/202514/10/2025

Source: https://www.macwelt.de/article/2575981/sicherheitslucke-usb-c-iphone.html Recommended protective measures: 1. Avoid physical access 2. Only use trusted chargers and cables 3. Enable USB accessory lock 4. Regular iOS updates

Read More Security vulnerability discovered in iPhone USB-C port
Cybercrime | Hacker

Botnets
ByRichard Knausenberger 17/10/202514/10/2025

What is a Botnet? A botnet is a network of computers or other Internet-enabled devices that have been infected with malware. These compromised devices—often referred to as “bots” or “zombies”—are connected to each other and can be controlled remotely without their owners noticing. The malware attempts to infect as many devices as possible. A botnet…

Read More Botnets
Cybercrime | Hacker | Phishing | Soical-Engineering

First Aid
ByRichard Knausenberger 31/10/202514/10/2025

Affected? What now? Report an incident You should report the incident to your supervisor or the IT department immediately. The sooner you notice and report the incident, the faster specialists can be called in to try to limit the damage as much as possible. Even though it may seem embarrassing to fall for a phishing…

Read More First Aid
Apple | Hacker | Hardware

Install the updates of iOS, macOS and iPadOS!
ByRichard Knausenberger 14/10/202514/10/2025

Apple recently released important security updates that allowed attackers to gain access to systems through manipulated images. For example, by sending an image via iMessage. Source: https://www.heise.de/news/Apple-legt-Update-auf-iOS-18-6-2-und-macOS-15-6-1-vor-Exploit-in-the-wild-10559974.html

Read More Install the updates of iOS, macOS and iPadOS!
Hacker

Experience Hackers Live
ByRichard Knausenberger 14/10/202514/10/2025

Honeypot sensors are installed at Deutsche Telekom’s https://www.sicherheitstacho.eu/#/en/tacho and are constantly monitored. However, hacker attacks are recorded and made visible on the website. This allows everyone to get a good idea of what’s going on. See for yourself…

Read More Experience Hackers Live
Cybercrime | Hacker

DDoS
ByRichard Knausenberger 24/10/202514/10/2025

What is a DDoS attack? A distributed denial-of-service (DDoS) attack is a coordinated attack in which a large number of infected or controlled devices simultaneously direct enormous amounts of traffic to a target system—e.g., a server, website, or entire network. This artificially generated overload severely restricts the functionality of the systems or completely paralyzes them….

Read More DDoS