CVE-2025-47827
Published: 05 June 2025
Summary
CVE-2025-47827 is a medium-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Bootkit (T1542.003). The CVE is ranked in the top 23.6% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
In IGEL OS before version 11, Secure Boot can be bypassed due to improper cryptographic signature verification in the igel-flash-driver module. This flaw, tracked under CWE-347, ultimately allows a crafted root filesystem to be mounted from an unverified SquashFS image. The vulnerability carries a CVSS 3.1 score of 4.6 with a physical attack vector.
An attacker with physical access to an affected device can exploit the signature verification weakness to load untrusted filesystem content, bypassing the Secure Boot protections that would otherwise prevent such tampering. The attack requires no authentication or user interaction and results in a high availability impact according to the provided scoring.
Public references, including entries in the Microsoft Security Response Center and CISA's Known Exploited Vulnerabilities catalog, indicate that the issue has been observed in real-world exploitation. No specific patch or mitigation details are provided in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16999
Vulnerability details
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
- CWE(s): CWE-347 (Improper Verification of Cryptographic Signature)
- KEV Date Added: 14 October 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables a Secure Boot bypass through improper cryptographic signature verification in igel-flash-driver. This allows a crafted root filesystem to be mounted and an arbitrary kernel to be loaded via kexec, which facilitates bootkit deployment (T1067, T1542.003) and exploitation for defense evasion (T1211).
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- CM-14 (Signed Components): Directly requires cryptographic signing and verification of system components to block loading of unverified SquashFS images during boot.
- SI-7 (Software, Firmware, and Information Integrity): Mandates integrity verification of software and firmware using cryptographic mechanisms, directly countering the flawed signature check in igel-flash-driver.
- Requires hardware-rooted protections (e.g., Secure Boot enforcement) that would prevent bypass via physical media even if driver verification fails.
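As an added illustration of the check CM-14 and SI-7 call for (this is not IGEL's code; the real igel-flash-driver image format and key handling are not described on this page), the Go program below mounts a root-filesystem SquashFS image only if a detached Ed25519 signature over the whole image verifies under a pinned vendor key, and refuses a tampered or unsigned image. The 96-byte image, the key pair and the signature are constructed in the program.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SquashFS magic 0x73717368 is stored little-endian, so it reads "hsqs" on disk.
var squashfsMagic = []byte("hsqs")

// VerifyImage returns nil only if img looks like a SquashFS image and sig is a valid
// Ed25519 signature over the whole image under pinned vendor key pub; any error means no mount.
func VerifyImage(pub ed25519.PublicKey, img, sig []byte) error {
	if len(img) < 96 || !bytes.HasPrefix(img, squashfsMagic) {
		return errors.New("not a SquashFS image")
	}
	if len(sig) != ed25519.SignatureSize {
		return errors.New("signature missing or malformed")
	}
	if !ed25519.Verify(pub, img, sig) {
		return errors.New("signature does not verify: refusing to mount")
	}
	return nil
}

// Demo runs VerifyImage on a constructed 96-byte stand-in image (not a real
// filesystem) in genuine, tampered and unsigned form; only the first should pass.
func Demo() (genuineOK, tamperedOK, unsignedOK bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // stands in for the vendor key
	if err != nil {
		panic(err)
	}
	img := make([]byte, 96)
	copy(img, squashfsMagic)
	copy(img[4:], "constructed superblock, not a real SquashFS")
	sig := ed25519.Sign(priv, img)
	tampered := append([]byte(nil), img...)
	tampered[40] ^= 0x01 // a single flipped bit anywhere invalidates the signature
	genuineOK = VerifyImage(pub, img, sig) == nil
	tamperedOK = VerifyImage(pub, tampered, sig) == nil
	unsignedOK = VerifyImage(pub, img, nil) == nil
	return
}

func main() {
	fmt.Println(Demo()) // true false false
}
```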