Skip to main content

Weekly Intelligence Brief on Security Alerts and Vulnerabilities - Week of October 13, 2025

October 14, 2025

Key Takeaways

  • Clevo firmware update exposes Intel Boot Guard keys.
  • Kiwire Captive Portal has three vulnerabilities, including Structured Query Language (SQL) injection.
  • CISA releases advisories on vulnerabilities in Industrial Control Systems (ICS) systems.
  • Advisories cover systems by Hitachi Energy, Mitsubishi Electric, Delta Electronics, and Rockwell Automation.

Clevo's recent UEFI firmware update contained private keys integral to Intel's Boot Guard technology. This exposure could enable an attacker to sign malicious firmware, compromising systems utilizing Clevo’s implementation. Affected parties include not just Clevo products but also other manufacturers that integrate its firmware.

Intel's Boot Guard is designed as a root of trust for early boot integrity, but the leaked keys pose significant security risks. Users are advised to assess their firmware versions and monitor for unauthorized changes. Clevo has removed the compromised software but has not yet provided public remediation steps.

Meanwhile, the Kiwire Captive Portal by SynchroWeb faced three critical vulnerabilities: SQL injection, open redirection, and Cross-Site Scripting (XSS), logged under CVE-2025-11188 through CVE-2025-11190. Users are urged to update to the latest version to mitigate potential security risks.

In addition, on October 9, CISA issued advisories addressing vulnerabilities within multiple ICS. These included alerts on Hitachi Energy's Asset Suite and Rockwell Automation products, requesting users to review for required mitigations and updates.

  1. Clevo firmware exposes Boot Guard security keys
    Clevo's UEFI firmware update contains private keys for Intel Boot Guard, exposing systems to potential attack.
  2. Kiwire Captive Portal faces three vulnerabilities
    Kiwire Captive Portal vulnerabilities, identified as CVE-2025-11188, 11189, and 11190, necessitate user action to mitigate risks.
  3. CISA announces four advisories on ICS vulnerabilities
    Advisories from CISA, released on Optical Coherence Tomography (OCT). 9, 2025, focus on security risks in ICS including Hitachi Energy and Mitsubishi Electric.
  4. CISA issues advisories on Delta, Rockwell ICS
    Advisories from CISA include details on vulnerabilities affecting Delta Electronics and Rockwell Automation's ICS.

Related Perspectives