CVE-2025-7028 – Apache Software SMI Handler Pointer Dereference Vulnerability

July 11, 2025

CVE ID : CVE-2025-7028

Published : July 11, 2025, 4:15 p.m. | 4 hours, 50 minutes ago

Description : A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions (ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo) that dereference both the structure and its nested members, such as BufAddr. This enables arbitrary read/write access to System Management RAM (SMRAM), allowing an attacker to corrupt firmware memory, exfiltrate SMRAM content via flash, or install persistent implants.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7029 – Intel Software SMI Handler Buffer Overflow Vulnerability

Next Article CVE-2025-7027 – ASUS Firmware SMM Privilege Escalation Vulnerability

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

Why your USB-C device won’t charge – and what you can do instead

How passkeys work: Going passwordless with public key cryptography

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

This RDR2 deal feels like highway robbery — grab the “Wild West masterpiece” today before it rides off into the sunset

The details of TC39’s last meeting

The details of TC39’s last meeting

Francisco Bergeret Paves the Way Through Strong Leadership at Perficient

Intelligent Automation in the Healthcare Sector with n8n, OpenAI, and Pinecone

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

This RDR2 deal feels like highway robbery — grab the “Wild West masterpiece” today before it rides off into the sunset

Grab these 7 Xbox games all under $40 — you don’t have long before Amazon Prime Day ends, so act fast

CVE-2025-7028 – Apache Software SMI Handler Pointer Dereference Vulnerability

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

What to work on next?

Fortinet Security Update: Critical Patch Addressing Multiple Vulnerabilities Across Products

Bing Search APIs to be “decommissioned completely” as Microsoft urges developers to use its Azure agentic AI alternative

CVE-2025-5144 – “Stored Cross-Site Scripting in The Events Calendar for WordPress”

CVE-2025-29094 – Motivian Content Management System Cross-Site Scripting Vulnerability

Claude AI can do your research and handle your emails now – here’s how

CVE-2025-3910 – Keycloak Authorization Bypass Vulnerability

CVE-2025-6464 – Forminator Forms Unauthenticated PHP Object Injection Vulnerability

CVE-2025-7028 – Apache Software SMI Handler Pointer Dereference Vulnerability

Related Posts