Insyde Software — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting Insyde Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Insyde Software develops firmware and BIOS solutions for hardware manufacturers, primarily serving as low-level system software for laptops, servers, and embedded systems. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from input validation flaws and insecure default configurations. The company has faced scrutiny for multiple critical vulnerabilities, including several high-severity flaws that could allow attackers to bypass security controls or gain system-level access. With 15 CVEs currently on record, security researchers have identified recurring issues in their firmware implementations, highlighting challenges in secure coding practices and timely patch management across their product lines.

Top products by Insyde Software: InsydeH2O, InsydeH2O tools

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-12053 | egwindrvx64.sys is potentially vulnerable to a buffer overflow | InsydeH2O tools | CWE-787 | 7.8 | High | 2026-01-14 |
| CVE-2025-12052 | egwindrv.sys is potentially vulnerable to a buffer overflow. | InsydeH2O tools | CWE-787 | 7.8 | High | 2026-01-14 |
| CVE-2025-12051 | H2OFFT64.sys is potentially vulnerable to a buffer overflow. | InsydeH2O tools | CWE-787 | 7.8 | High | 2026-01-14 |
| CVE-2025-12050 | In H2OFFT32.sys is potentially vulnerable to a buffer overflow. | InsydeH2O tools | CWE-787 | 7.8 | High | 2026-01-14 |
| CVE-2025-10451 | H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write) | InsydeH2O | CWE-787 | 8.2 | High | 2025-12-12 |
| CVE-2025-4410 | SetupUtility: A buffer overflow vulnerability leads to arbitrary code execution. | InsydeH2O | CWE-20 | 7.5 | High | 2025-08-13 |
| CVE-2025-4277 | Tcg2Smm: improper input validation may lead to arbitrary code execution | InsydeH2O | CWE-20 | 7.5 | High | 2025-08-13 |
| CVE-2025-4276 | UsbCoreDxe: improper input validation may lead to arbitrary code execution | InsydeH2O | CWE-20 | 7.5 | High | 2025-08-13 |
| CVE-2025-4426 | SetupAutomationSmm : SMRAM memory contents leak / information disclosure vulnerability in SMM module | InsydeH2O | CWE-200 | 6.0 | Medium | 2025-07-30 |
| CVE-2025-4425 | SetupAutomationSmm: Stack overflow vulnerability in SMI handler | InsydeH2O | CWE-121 | 8.2 | High | 2025-07-30 |
| CVE-2025-4424 | SetupAutomationSmm : Arbitrary calls to SmmSetVariable with unsanitised arguments in SMI handler | InsydeH2O | CWE-20 | 6.0 | Medium | 2025-07-30 |
| CVE-2025-4423 | SetupAutomationSmm:Vulnerability in the SMM module allow attacker to write arbitrary code and lead to memory corruption | InsydeH2O | CWE-119 | 8.2 | High | 2025-07-30 |
| CVE-2025-4422 | EfiSmiServices : EfiPcdProtocol, SMM memory corruption vulnerabilities in SMM module | InsydeH2O | CWE-787 | 8.2 | High | 2025-07-30 |
| CVE-2025-4421 | EfiSmiServices: gEfiSmmCpuProtocol, SMM memory corruption vulnerabilities in SMM module | InsydeH2O | CWE-787 | 8.2 | High | 2025-07-30 |
| CVE-2025-4275 | SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate | InsydeH2O | | 7.8 | High | 2025-06-11 |

This page lists every published CVE security advisory associated with Insyde Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.