CVE-2025-4276 | Insyde H2O UsbCoreDxe input validation

A vulnerability was found in Insyde H2O up to 05.39.17/05.47.17/05.55.17/05.62.17/05.71.17. It has been declared as critical. This vulnerability affects unknown code of the component UsbCoreDxe. The manipulation leads to improper input validation.

This vulnerability was named CVE-2025-4276. Attacking locally is a requirement. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More