COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-47827

CVE-2025-47827

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-10-14
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-47827
⌖ exploited in the wild shame 50/100 exploited-in-wild

IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

Players implicated

IGEL · vendorIGEL OS · product

Description

IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.