More than 240 Gigabyte motherboard models are vulnerable to critical security flaws in their UEFI firmware that could allow attackers to install stealthy bootkit malware.
These vulnerabilities enable malicious code execution in System Management Mode (SMM), a privileged environment that operates beneath the operating system and can bypass traditional security defenses.
Researchers at firmware security company Binarly discovered the four high-severity vulnerabilities, which affect firmware implementations based on American Megatrends Inc. (AMI) reference code. Although AMI issued silent patches under NDA for its paying customers, Gigabyte has reportedly failed to apply the fixes to many of its motherboard models. Some of the affected products have already reached end-of-life, making it unlikely that users will receive security updates.
The four vulnerabilities, each rated with a severity score of 8.2, include bugs in system management interrupt (SMI) handlers that allow unauthorized access to System Management RAM (SMRAM), leading to privilege escalation and persistent malware installation. The affected CVEs are CVE-2025-7029, CVE-2025-7028, CVE-2025-7027, and CVE-2025-7026.
According to Binarly, the attack vector requires local or remote administrative privileges, but once exploited, malware could persist across reboots and OS reinstalls. This kind of UEFI-level malware is extremely difficult to detect and remove, posing a significant risk to systems in high-security environments.
Although Gigabyte confirmed the vulnerabilities in June following disclosure to Carnegie Mellon University’s CERT Coordination Center, the company has not released a public advisory or provided firmware updates for many of the affected models. Binarly CEO Alex Matrosov stated that Gigabyte is unlikely to release fixes for products that are no longer supported.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Other OEMs using similar firmware may also be impacted, though their names have not been disclosed. Users concerned about exposure can use Binarly’s Risk Hunt scanner tool to detect the vulnerabilities. For now, affected users are advised to monitor Gigabyte’s support site for any available firmware updates and consider replacing unsupported hardware in sensitive environments.
