INSYDE-SA-2025010 Product Information Product: InsydeH2O CVSS Score: 7.8 Original Date: 2026-01-13 Last Revised: Not specified Summary Buffer overflow vulnerabilities in the InsydeH2O tools. Vulnerability Details Lack of kind validation when specifying the selection flag ( ) Lack of validation on the flag to read a registry value to which an untrusted user-mode user has access may lead to a buffer overflow. is potentially vulnerable to a buffer overflow CVE-2025-12053: is potentially vulnerable to a buffer overflow CWE-787: Out-of-bounds Write Solution Information Please use tools with the following versions or newer: 1. H2OFFT (mobile version): 6.76.00 2. H2OFFT (server/embedded version): 200.02.01.00 3. H2OUVE: 200.02.01.00 4. H2OSDE: 200.02.01.00 5. H2ORTE: 200.02.01.00 6. H2OOAE: 200.02.01.00 7. H2OPCM: 200.02.01.00 8. H2OELV: 200.02.01.00 9. H2OUVE_ARM: 200.02.01.00 10. H2OSDE_ARM: 200.02.01.00 11. H2ORTE_ARM: 200.02.01.00 12. OEM tools - HP FlashWin: 6.51.00 - HP Readback tool: 1.2.4.0 - HP FlashVerifyUtility: 6.2.5.0 - HP IsSecureBootKeyInstaller: 1.2.0.2 Revision History