DigiNews

Summary

The article analyzes Hydroph0bia CVE-2025-4275, a SecureBoot bypass affecting Insyde H2O-based firmware. It compares vendor responses (Dell delivered a fix; Lenovo and Framework remain vulnerable) and details the firmware-level changes in BdsDxe, SecurityStubDxe, and SecureFlashDxe. It discusses the conditional effectiveness of fixes and argues for architectural changes to avoid storing security-sensitive data in NVRAM.