
CISA issues alert on Clevo UEFI firmware Boot Guard key exposure

Clevo's UEFI firmware update packages contained private keys belonging to its Intel Boot Guard signing chain, putting every device that relies on that feature at risk. Anyone holding these keys can sign firmware that Boot Guard will accept, so the integrity of the pre-boot UEFI environment on affected devices can no longer be guaranteed.

The vulnerability is tracked as CVE-2025-11577 and affects the Clevo UEFI firmware versions whose update packages carried the embedded Boot Guard private keys. Intel Boot Guard is a hardware-rooted technology that verifies the Initial Boot Block (IBB) before the CPU is allowed to execute it, so untrusted firmware is rejected before any UEFI code runs. The private keys, which form part of the Boot Guard trust chain, were found inside Clevo's publicly released UEFI update executables. Because Clevo builds systems and firmware that other brands ship under their own names, the exposure is not limited to Clevo-branded devices. Boot Guard operates earlier than UEFI Secure Boot, which later in the boot sequence validates option ROMs, boot loaders and the OS loader at the hand-off to the operating system rather than the platform firmware itself.
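The keys were discovered inside the published update executables themselves. The following scanner is an added example, not code from Clevo, CISA or Binarly: it walks an arbitrary binary and flags the two encodings in which a leaked signing key typically appears, PEM-armoured text blocks and raw DER PKCS#1 RSAPrivateKey structures, reporting the offset and the modulus size of each hit. The "update package" it scans is constructed inline from a toy textbook RSA key (p=61, q=53), which is far too small to be real but is structurally identical to a production key; the function and constant names are this example's own.

```python
"""Scan a firmware update package for embedded private-key material.
Constructed example (not Clevo, CISA or Binarly code). Finds:
  * PEM text blocks  ("-----BEGIN ... PRIVATE KEY-----")
  * DER PKCS#1 RSAPrivateKey: SEQUENCE { INTEGER 0, n, e, d, p, q, dp, dq, qinv }
"""
import base64
import re
from dataclasses import dataclass

PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z ]*?)PRIVATE KEY-----.*?-----END \1PRIVATE KEY-----", re.S
)


@dataclass
class Finding:
    offset: int   # byte offset of the key material in the scanned blob
    kind: str     # "PEM" or "DER RSAPrivateKey"
    detail: str   # PEM label or modulus size


def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value, end) or None."""
    if pos + 2 > len(buf):
        return None
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length (1..4 length bytes)
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            return None
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        return None
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_private_key(buf, pos):
    """Return the modulus bit length if a PKCS#1 RSAPrivateKey starts at pos, else None."""
    tlv = _read_tlv(buf, pos)
    if tlv is None or tlv[0] != 0x30:      # outer element must be a SEQUENCE
        return None
    body, ints, p = tlv[1], [], 0
    while p < len(body) and len(ints) < 9:
        inner = _read_tlv(body, p)
        if inner is None or inner[0] != 0x02:   # every member is an INTEGER
            return None
        ints.append(inner[1])
        p = inner[2]
    if len(ints) != 9 or p != len(body) or ints[0] != b"\x00":  # version 0, exactly 9 fields
        return None
    return int.from_bytes(ints[1], "big").bit_length()


def scan_for_private_keys(blob):
    """Return all PEM and DER RSA private keys found in blob, ordered by offset."""
    findings = []
    for m in PEM_RE.finditer(blob):
        label = (m.group(1).decode("ascii") + "PRIVATE KEY").strip()
        findings.append(Finding(m.start(), "PEM", label))
    for pos in range(len(blob)):
        if blob[pos] == 0x30:              # cheap pre-filter: SEQUENCE tag byte
            bits = parse_rsa_private_key(blob, pos)
            if bits is not None:
                findings.append(Finding(pos, "DER RSAPrivateKey", f"{bits}-bit modulus"))
    return sorted(findings, key=lambda f: f.offset)


# --- constructed sample input (not a real vendor package) ---------------------
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _der_int(v):
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:                        # leading zero keeps the INTEGER positive
        b = b"\x00" + b
    return b"\x02" + _der_len(len(b)) + b


def der_rsa_private_key(n, e, d, p, q):
    """Encode a PKCS#1 RSAPrivateKey from its components; CRT values are derived."""
    body = b"".join(_der_int(x) for x in
                    (0, n, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)))
    return b"\x30" + _der_len(len(body)) + body


def pem_rsa_private_key(der):
    return (b"-----BEGIN RSA PRIVATE KEY-----\n" + base64.encodebytes(der)
            + b"-----END RSA PRIVATE KEY-----\n")


# Toy textbook key (p=61, q=53): far too small to be real, structurally valid.
_TOY_DER = der_rsa_private_key(n=3233, e=17, d=2753, p=61, q=53)

# Fake "update package": erased-flash padding, a raw DER key, some text, a PEM key.
SAMPLE_PACKAGE = (b"\xff" * 64 + _TOY_DER + b"\xff" * 32
                  + b"constructed sample update package\x00"
                  + pem_rsa_private_key(_TOY_DER) + b"\xff" * 16)

if __name__ == "__main__":
    for f in scan_for_private_keys(SAMPLE_PACKAGE):
        print(f"offset 0x{f.offset:06x}: {f.kind} ({f.detail})")
```

Run it against an extracted vendor update executable (or a raw SPI dump) instead of SAMPLE_PACKAGE to check your own packages; a hit does not by itself prove the key is a Boot Guard key, but a private key of any kind has no business inside a distributed firmware updater. The DER pass tries a parse at every 0x30 byte, which is cheap because almost all candidates are rejected at the first inner tag.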

The exploitation scenario requires an adversary who can write to the system's flash storage, either through direct physical access or through a privileged firmware update mechanism. With the leaked private keys, such an attacker can sign malicious firmware that passes Boot Guard's verification. Because the platform then treats the implant as genuine, it runs before any operating-system defense loads, survives OS reinstallation and disk replacement, and gives the attacker persistent, covert control of the affected system.

Clevo has withdrawn the software packages that contained the leaked keys, but no public remediation has been announced. Boot Guard anchors its trust in a hash of the OEM public key that is burned into one-time-programmable fuses at manufacture, so a leaked key cannot simply be rotated on devices already in the field. Users of devices running Clevo-based firmware, including systems sold by other original equipment manufacturers that embed this firmware, are affected.

Users should determine whether their systems run affected firmware versions, watch for unauthorized firmware changes (for example by comparing SPI flash contents or measured-boot records against known-good values), and apply firmware updates only from verified vendor channels.

The initial discovery and responsible disclosure of this issue were conducted by the Binarly Research Team, with reporting contributions from Thierry Laurion. Documentation of the vulnerability was prepared by Vijay Sarvepalli.