Skip to content

Vulnerability in Gigabyte firmware lets hackers disable secure boot

  • by
  • 2 min read

Security researchers have discovered vulnerabilities in several Gigabyte firmware versions that allow hackers to disable UEFI security measures and take over the affected system. Proper exploitation can allow a hacker to elevate privileges and run arbitrary code.

This is not the first time such issues have been found. They were first discovered in AMI firmware, and the company promptly patched the issue. However, they were discovered again in Gigabyte firmware upon reinspection.

A team of security researchers from Binarly disclosed the issues to CERT/CC, which in turn passed them on to Gigabyte. They were found in the System Management Mode (SMM) — a CPU mode that handles low-level system operations and allows UEFI to interact directly with the hardware. Usually, SMM operations run within protected memory and can only be accessed via System Management Interrupt (SMI) handlers that use specific buffers to process data.

This is an image of motherboard 1

However, improper validation of these buffers can let hackers run malicious code before the operating system even loads into memory. A report from CERT/CC found the following vulnerabilities in Gigabyte’s firmware implementations:

  • CVE-2025-7029
  • CVE-2025-7028
  • CVE-2025-7027
  • CVE-2025-7026

All four of the aforementioned utilities allow an attacker to access specific areas within the system memory and write arbitrary code or content to the System Management RAM (SMRAM) to gain control over critical flash operations. Any attacker exploiting them with remote or local administrative privileges can run malicious code in SMM, bypassing all OS-level protections.

This can further allow hackers to disable UEFI security systems, including Secure Boot, and deploy firmware backdoors that can gain persistent access to the targeted system. These backdoors are also extremely hard to detect and impossible for OS-level security solutions to stop. Firmware updates patching the issues have already been released, and users are recommended to install them as soon as possible.

In the News: Elmo gets hacked, starts making problematic claims on X

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of dark web hacker security

Security flaw in Dahua CCTVs allows remote access

This is an image of python windows featured

Hackers are targeting Python developers with fake PyPI sites

This is an image of apple featured 2323424823

Apple patches Safari bug; Already exploited in Chrome

This is an image of dark web hacker security

Vibe coding platform breach exposes corporate apps

This is an image of dark web hacker security

Fake apps are stealing data blackmailing users on Asian mobile networks

This is an image of ransomware 32988sd

FBI collects dues from Chaos ransomware gang; $2.4 million in crypto seized

>