Dozens of gigabyte motherboard models are unsafe for safety issues on UEFI firmware that allow to plant bootkit malware that is invisible to operating systems and can re -establish restoration.
The weaknesses can allow the attackers with local or distance administrator permissions to execute arbitrary code in the system management mode (SMM), which is accompanied by a separate environment from the operating system (OS) and more privileges on the machine.
The system running under the OS uses low-level hardware and the boot starts on time. Because of this, the malware system in these environment can bypass traditional safety rescue.
UEFI, or integrated Extensible firmware interface, firmware is more secure due to safe boot facility which ensures through cryptographic verification that a device uses in boot time code which is safe and reliable.
For this reason, UEFI-Level Malware such as bootkits (blacklotus, cossmicstrand, mosaicaggressers, monBouns, lojax) can deploy malicious codes on every boot.
Many motherboards were affected
The four weaknesses are in the gigabyte firmware implementation and were discovered by the researchers of the firmware security company Binroli, who shared their conclusions with the Certificate Coordination Center (CET/CC) of Carnegie Melon University.
The original firmware supplier is the American Megatends Inc. (AMI), which has addressed issues after a personal disclosure, but some OEM firmware build (eg Gigabyte) did not apply the fix at that time.
In Gigabyte firmware implementation, Binrolli found the following weaknesses, with the high-seriousness score of all 8.2:
- Cve-2025-7029: Bug (overclocksmihandler) in an SMI handler who can give rise to SMM Previllage escalation
- Cve-2025-7028: In a SMI handler (SMIFLASH), the bug system management gives the use of reading/writing SMram, which can lead to malware installation
- Cve-2025-7027: SMM can lead to enhancing privilege and modifying firmware by writing arbitrary material to SMRAM
- Cve-2025-7026: Smram allows to write arbitrary and can increase privilege to smm and frequent firmware compromises
By our count, more than 240 motherboard models are affected-including modifications, variants and field-specific versions, with the end of 2023 and the firmware updated between 2024.
Bleepingcomputer reached Binarly for an official count and a company representative told us that “more than a hundred product lines are affected.”
Products of other enterprise device vendors are also affected by four weaknesses, but their names remain unknown until the fixes are available.
Binarly researchers informed the Carnegie Melon Certificate/CC about the issues on 15 April and Gigabyte confirmed the weaknesses on June 12, after which the firmware update was released, according to which according to it. Certificate/C.C.,
However, OEM has not published a security bulletin about security problems that were reported by Binirli. Bleepingcomputer has requested the hardware vendor to comment but we are still waiting for their response.
Meanwhile, Binurali founder and CEO Alex Matrosov told Bleeppingcomputer that Gigabyte does not release the fixed at the most likely. Many products have already reached the end of life, users should not expect to receive any safety updates.
“Because all these four weaknesses originated from the AMI reference code, the AMI revealed these weaknesses some time ago, which were only with their silent disclosure for the customers paid under the NDA, and it caused a significant impact on the downstream vendors for years when they remained unsafe and unpredictable” – Alex Matrosov – Alex Matrosov
“It seems that Gigabyte has not yet released any fix, and many affected equipment have reached a life situation, which means they will probably be weak indefinitely.”
While the risk for general consumers is low, in important environment they can assess specific risks with binrally Risk Hunt Scanner EquipmentWhich includes free detection for four weaknesses.
Various OEM computers using Gigabyte Motherboard may weaken, so users are advised to monitor for firmware updates and apply them immediately.
Update (July 14, 13:23 AD): The updated article with Binurali’s comment states that four weaknesses affect more than 100 motherboards, and other vendors’ products are affected.
While cloud attacks can be more sophisticated, the attackers still succeed with surprisingly simple techniques.
Drawing by the detection of Vij in thousands of organizations, this report reveals the 8 major techniques used by Claude-Floid danger actors.
