CVE-2025-33043 - Vulnerability Details - OpenCVE

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00016.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ami	Aptio V

Configuration 1 [-]

cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-16381	APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025005.pdf
https://www.kb.cert.org/vuls/id/209095

History

Mon, 03 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		https://www.kb.cert.org/vuls/id/209095

Thu, 02 Oct 2025 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ami Ami aptio V
CPEs		cpe:2.3:o:ami:aptio_v::::::::
Vendors & Products		Ami Ami aptio V

Thu, 29 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.
Title		SMM buffer Integrity
Weaknesses		CWE-20
References		https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025005.pdf
Metrics		cvssV3_1 `{'score': 5.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: AMI

Published: 2025-05-29T14:00:09.944Z

Updated: 2025-11-03T19:53:58.639Z

Reserved: 2025-04-15T16:15:34.583Z

Link: CVE-2025-33043

Vulnrichment

Updated: 2025-11-03T19:53:58.639Z

NVD

Status : Modified

Published: 2025-05-29T14:15:35.523

Modified: 2025-11-03T20:18:30.123

Link: CVE-2025-33043

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-33043", "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "state": "PUBLISHED", "assignerShortName": "AMI", "dateReserved": "2025-04-15T16:15:34.583Z", "datePublished": "2025-05-29T14:00:09.944Z", "dateUpdated": "2025-11-03T19:53:58.639Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AptioV", "vendor": "AMI", "versions": [{"lessThanOrEqual": "AptioV_5.011", "status": "affected", "version": "AptioV_5.0", "versionType": "custom"}]}], "datePublic": "2025-05-29T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity."}], "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "shortName": "AMI", "dateUpdated": "2025-05-29T14:00:09.944Z"}, "references": [{"url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025005.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "SMM buffer Integrity", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-29T14:09:44.410765Z", "id": "CVE-2025-33043", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-29T14:09:53.176Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/209095"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:53:58.639Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/209095"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:53:58.639Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-33043", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-29T14:09:44.410765Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-29T14:09:48.853Z"}}], "cna": {"title": "SMM buffer Integrity", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AMI", "product": "AptioV", "versions": [{"status": "affected", "version": "AptioV_5.0", "versionType": "custom", "lessThanOrEqual": "AptioV_5.011"}], "defaultStatus": "unaffected"}], "datePublic": "2025-05-29T14:00:00.000Z", "references": [{"url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025005.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.", "supportingMedia": [{"type": "text/html", "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "shortName": "AMI", "dateUpdated": "2025-05-29T14:00:09.944Z"}}}, "cveMetadata": {"cveId": "CVE-2025-33043", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:53:58.639Z", "dateReserved": "2025-04-15T16:15:34.583Z", "assignerOrgId": "7e9044f1-7f56-4c38-8864-c0c7302263d6", "datePublished": "2025-05-29T14:00:09.944Z", "assignerShortName": "AMI"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*", "matchCriteriaId": "30B9E9EB-45FB-47C9-955C-5BA910044A30", "versionEndExcluding": "5.011", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity."}, {"lang": "es", "value": "APTIOV contiene una vulnerabilidad en la BIOS que permite a un atacante causar una validaci\u00f3n de entrada incorrecta localmente. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda afectar a la integridad.\n"}], "id": "CVE-2025-33043", "lastModified": "2025-11-03T20:18:30.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 4.7, "source": "biossecurity@ami.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-29T14:15:35.523", "references": [{"source": "biossecurity@ami.com", "tags": ["Vendor Advisory"], "url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025005.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/209095"}], "sourceIdentifier": "biossecurity@ami.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "biossecurity@ami.com", "type": "Secondary"}]}