Lenovo Thinkpad Ec Pwd Bypass

  • recovery02
    New Member
    • Nov 2025
    • 1
    • United States

    #821
    Originally posted by spacez
    About T14 Gen 3 AMD NM-E441 rev1.0, locked with SVP password ... I managed to remove this SVP password with the test point at ESPI-IO3 and GND, but instead of entering the BIOS it asks for another password, not the SVP one. By pressing only Enter it can go into the BIOS, but the password change is not accessible.

    Excuse me, at what point and what type of resistor should I use? I have the same model. I was thinking of using 510-ohm, 1/4-watt, 1% tolerance resistors, grounding them to the metal plate of the USB ports. Please excuse my ignorance; I'm quite new to this. I've only been researching this for a day. Maxpower3 posted this photo.

    Comment

    • narsil
      Enas
      • Dec 2017
      • 89
      • france

      #822
      Originally posted by Usering
      Patching bios for unlock mec1503 and mec1723
      and USB2 Dongle directly unlock
      Is this thing real?
      Please, is there an explanation or someone to explain? Thanks
      I think they're using a script like this on a USB flash drive.
      Perhaps a specialist can examine it.

      Comment

      • rediii
        h???, spurrrn
        • Mar 2018
        • 504
        • somewhere in europe

        #823
        Originally posted by narsil

        I think they're using a script like this on a USB flash drive.
        Perhaps a specialist can examine it.
        thank you very much, this is interesting. where is this from?

        Comment

        • Pferd5
          Senior Member
          • Mar 2018
          • 78
          • USA

          #824
          Looks totally like AI-generated junk.

          Comment

          • rediii
            h???, spurrrn
            • Mar 2018
            • 504
            • somewhere in europe

            #825
            Originally posted by Pferd5
            Looks totally like AI-generated junk.
            I don't get it. This Python script is bloated rubbish? It doesn't do anything, does it?

            Comment

            • jwagnervaz
              Member
              • Jul 2023
              • 10
              • Brazil

              #826
              Originally posted by narsil

              I think they're using a script like this on a USB flash drive.
              Perhaps a specialist can examine it.
              This is a fake script; it has syntax errors. It's a made-up AI script made to impress.

              Comment

              • rediii
                h???, spurrrn
                • Mar 2018
                • 504
                • somewhere in europe

                #827
                Originally posted by jwagnervaz

                This is a fake script; it has syntax errors. It's a made-up AI script made to impress.
                thanks

                Comment

                • mago1982
                  New Member
                  • Jun 2012
                  • 7
                  • Portugal

                  #828
                  Hi, is it possible to do this in a Thinkpad P14s Gen 4 (Type 21HF, 21HG) Laptop (ThinkPad) - Type 21HG
                  Serial Number: PF4Y6S9P

                  with a NPCX897KAABX ?? Thanks for your help.

                  Comment

                  • zomi
                    Badcaps Veteran
                    • Nov 2011
                    • 513

                    #829
                    not with this method.

                    Comment

                    • narsil
                      Enas
                      • Dec 2017
                      • 89
                      • france

                      #830
                      mec1503 mec1723 mecxxx...
                      Anyone with good programming skills can create an effective tool.
                      A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable.

                      Dubbed Hydroph0bia, this flaw enables pre-boot execution of unsigned code, posing severe risks to enterprise and consumer devices.

                      Insecure NVRAM Variable Handling


                      The vulnerability stems from the improper use of the SecureFlashCertData NVRAM variable, which stores public keys used in UEFI trust validation.

                      Insyde H2O firmware relies on this variable to exchange certificates between DXE drivers and verification libraries, like LoadImage and StartImage.

                      However, the variable lacks write-protection, allowing attackers with administrative privileges to overwrite it with rogue certificates.

                      Key technical factors:
                      • UEFI Secure Boot Bypass: Injected certificates are trusted during early boot, enabling execution of malicious UEFI applications.
                      • Library Function Flaw: Common functions such as LibGetVariable fail to validate whether the variable is volatile or firmware-set, permitting OS-level tampering.
                      • Persistence Mechanism: Compromised systems may retain malware across reboots and OS reinstalls due to firmware-level persistence.
                      From Certificate Injection to Rootkit Deployment


                      Attackers exploit this flaw in three stages:
                      • Certificate Injection:
                        • On Windows: Use PowerShell or SetFirmwareEnvironmentVariable to write a malicious certificate to SecureFlashCertData.
                        • On Linux: Modify the variable via efivarfs: echo -n "malicious_cert_data" > /sys/firmware/efi/efivars/SecureFlashCertData-$(uuidgen)
                      • Malicious Payload Execution:
                        During boot, the firmware validates attacker-signed UEFI binaries (e.g., cloak.dat), enabling bootkits like BlackLotus.
                      • Evasion:
                        Malware operates below the OS layer, avoiding detection by EDR tools and surviving disk wipes.
                      Mitigation Strategies and Firmware Updates


                      To address CVE-2025-4275:
                      Firmware Updates: Apply vendor-provided patches locking SecureFlashCertData.
                      UEFI Variable Locking: Use VariablePolicyLib to enforce write restrictions on critical NVRAM variables.
                      Runtime Monitoring: Deploy firmware integrity tools (e.g., Binarly efiXplorer) to detect tampering.

                      Risk Factor Analysis
                      Likelihood: High (requires local admin access; exploit tools publicly available)
                      Severity: Critical (full system compromise, persistence across OS reinstalls) 8.2 (High)
                      Impact: Loss of confidentiality, integrity, and availability at firmware level

                      Vendor Response and Industry Implications


                      Insyde has released patches (INSYDE-SA-2025002) and notified OEM partners, but widespread remediation depends on device manufacturers issuing firmware updates.

                      This vulnerability underscores systemic risks in UEFI supply chains, where shared codebases propagate flaws across vendors like HP, Dell, and Lenovo.

                      Security teams should prioritize firmware updates and adopt UEFI-aware threat detection frameworks to mitigate pre-boot attack surfaces.
                      -------------------------

                      Emerging Secure Boot Bypass Vulnerabilities: CVE-2025-3052 and CVE-2025-4275

                      The 1898 & Co. Team



                      Recent disclosures have highlighted significant vulnerabilities in Secure Boot mechanisms, posing substantial risks to systems relying on UEFI firmware. The first vulnerability, CVE-2025-3052, discovered by Binarly researcher Alex Matrosov, involves a Secure Boot bypass that can disable security features on PCs and servers. This flaw affects systems trusting Microsoft's "UEFI CA 2011" certificate, which includes most modern hardware supporting Secure Boot. The vulnerability was identified in a BIOS-flashing utility signed with Microsoft's UEFI certificate, allowing it to run on any Secure Boot-enabled system. Microsoft has addressed this issue by updating the Secure Boot dbx revocation list as part of their June 2025 Patch Tuesday.
                      In addition to CVE-2025-3052, another Secure Boot bypass vulnerability, CVE-2025-4275, dubbed Hydroph0bia, was disclosed by Nikolaj Schlej. This flaw affects UEFI-compatible firmware based on Insyde H2O and was patched 90 days after disclosure. Both vulnerabilities allow attackers with administrative rights to disable Secure Boot, enabling the installation of bootkit malware that can evade detection by the operating system.
                      These vulnerabilities underscore the critical need for timely patch management and highlight the ongoing challenges in securing firmware-level components. Organizations are encouraged to update their systems promptly to mitigate these risks and prevent potential exploitation.
                      Threats and Vulnerabilities

                      CVE-2025-3052 represents a significant threat due to its ability to bypass Secure Boot protections on systems using Microsoft's UEFI CA 2011 certificate. The vulnerability is exploited through a legitimate BIOS update utility that fails to validate a user-writable NVRAM variable. Attackers can manipulate this variable to disable Secure Boot, allowing unsigned UEFI modules to execute. This flaw has been circulating since late 2022 and poses a risk to nearly all hardware supporting Secure Boot.
                      CVE-2025-4275, or Hydroph0bia, affects UEFI-compatible firmware based on Insyde H2O. Similar to CVE-2025-3052, it allows attackers to disable Secure Boot protections, facilitating the installation of persistent bootkit malware. This vulnerability was disclosed and patched within a 90-day window, emphasizing the importance of rapid response to firmware-level threats.
                      Both vulnerabilities highlight the potential for significant operational disruptions and data breaches if exploited. They affect a wide range of industries reliant on UEFI firmware for secure boot processes.
                      Client Impact

                      The identified vulnerabilities could lead to severe operational disruptions by allowing unauthorized code execution during the boot process. This can result in data breaches, financial losses, and reputational damage as attackers gain persistent access to compromised systems. Organizations may face regulatory compliance challenges if these vulnerabilities are exploited, potentially leading to audits or penalties.
                      Compliance implications are particularly relevant for industries with stringent data protection requirements. Failure to address these vulnerabilities could result in non-compliance with regulations such as GDPR or industry-specific standards, increasing the risk of legal and financial repercussions.
                      Mitigations

                      To mitigate the risks associated with these vulnerabilities, organizations should take the following actions:
                      1. Update the Secure Boot dbx revocation list immediately using the latest security updates from Microsoft.
                      2. Apply patches for UEFI-compatible firmware based on Insyde H2O to address CVE-2025-4275.
                      3. Implement robust patch management processes to ensure timely application of security updates.
                      4. Restrict administrative access to systems to minimize the risk of exploitation.
                      5. Conduct regular security audits of firmware components to identify potential vulnerabilities.
                      By taking these steps, organizations can reduce their exposure to these vulnerabilities and enhance their overall security posture. It is crucial to remain vigilant and proactive in addressing firmware-level threats as they emerge.
                      1898 & Co. Response

                      1898 & Co. is actively addressing the current threat landscape by offering specialized services designed to mitigate emerging threats like CVE-2025-3052 and CVE-2025-4275. Our team provides tailored security assessments and patch management solutions to help clients protect their systems against these vulnerabilities.
                      We have updated our security protocols to incorporate the latest threat intelligence and are collaborating with industry allies and government agencies to enhance our response capabilities. Our ongoing research efforts focus on identifying new attack vectors and developing effective countermeasures.
                      Through case studies and real-world examples, we demonstrate the effectiveness of our solutions in mitigating similar threats. Clients can rely on our expertise to navigate the complexities of firmware security and maintain compliance with relevant regulations.



                      Comment
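A read-only check for the SecureFlashCertData variable named in the article pasted into post #830, as an added example that is not part of any forum post or of the quoted articles. It lists efivarfs entries with that name and decodes their attribute header; the assumption that a firmware-created instance is volatile (so a non-volatile one deserves investigation) is taken from the article's remark about volatility, and the GUIDs in the sample data are constructed placeholders.

```python
import os
import struct
import tempfile

# Attribute bits from the UEFI specification.
NON_VOLATILE = 0x1
BOOTSERVICE_ACCESS = 0x2
RUNTIME_ACCESS = 0x4

EFIVARS = "/sys/firmware/efi/efivars"
WATCHED = {"SecureFlashCertData"}  # variable name taken from the quoted article


def parse_entry(filename, raw):
    """Decode one efivarfs file: '<Name>-<GUID>' plus a 4-byte attribute header."""
    if len(filename) < 38 or filename[-37] != "-" or len(raw) < 4:
        return None  # not a well-formed efivarfs entry
    (attrs,) = struct.unpack_from("<I", raw, 0)  # little-endian UINT32
    return {
        "name": filename[:-37],
        "guid": filename[-36:],
        "attrs": attrs,
        "data_len": len(raw) - 4,
    }


def audit(efivars_dir=EFIVARS):
    """Return one finding per watched variable present in efivars_dir."""
    findings = []
    for filename in sorted(os.listdir(efivars_dir)):
        if filename[:-37] not in WATCHED:
            continue
        try:
            with open(os.path.join(efivars_dir, filename), "rb") as fh:
                raw = fh.read()
        except OSError as exc:  # e.g. not running as root
            findings.append({"file": filename, "error": str(exc)})
            continue
        entry = parse_entry(filename, raw)
        if entry is None:
            continue
        # Assumption (labelled in the lead-in): a firmware-created copy is
        # volatile, so NON_VOLATILE here means it was stored persistently.
        entry["persistent"] = bool(entry["attrs"] & NON_VOLATILE)
        entry["os_visible"] = bool(entry["attrs"] & RUNTIME_ACCESS)
        findings.append(entry)
    return findings


def build_sample(directory):
    """Write constructed efivarfs-style files; the first two GUIDs are placeholders."""
    nv_bs_rt = NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    samples = {
        "SecureFlashCertData-00000000-0000-0000-0000-000000000001":
            struct.pack("<I", nv_bs_rt) + b"\x00" * 32,
        "SecureFlashCertData-00000000-0000-0000-0000-000000000002":
            struct.pack("<I", BOOTSERVICE_ACCESS | RUNTIME_ACCESS) + b"\x00" * 16,
        "BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c":
            struct.pack("<I", nv_bs_rt) + b"\x00\x00",
    }
    for name, blob in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(blob)


def demo():
    """Run the audit over the constructed sample directory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return audit(tmp)


if __name__ == "__main__":
    results = audit() if os.path.isdir(EFIVARS) else demo()
    for finding in results:
        print(finding)
```

On a real Linux host the script reads `/sys/firmware/efi/efivars` directly and never writes to it; an empty result means no variable with that name is exposed to the OS.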

                      • YTGoodFox
                        New Member
                        • Nov 2025
                        • 1
                        • Kazakhstan

                        #831
                        Hello.
                        Could you tell me what I'm doing wrong? After shorting pin 4 on the j9301, I can access the BIOS, but only the date and time settings are available.

                        Comment

                        • Pferd5
                          Senior Member
                          • Mar 2018
                          • 78
                          • USA

                          #832
                          Originally posted by narsil
                          mec1503 mec1723 mecxxx...
                          Anyone with good programming skills can create an effective tool.
                          A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable.
                          ...
                          AI Slop?
                          ThinkPad is Phoenix. Not Insyde

                          Comment

                          • narsil
                            Enas
                            • Dec 2017
                            • 89
                            • france

                            #833
                            This isn't artificial intelligence; I didn't want to include links because it's prohibited.

                            This article describes a tool developed by someone in Morocco and Egypt that works via USB.

                            Comment

                            • Pferd5
                              Senior Member
                              • Mar 2018
                              • 78
                              • USA

                              #834
                              It does not. What you posted with the script is total BS / trash. Just take a look at it instead of posting it into the wild.
                              And you can clearly see this is AI BS as it is full of comments and, more importantly, emojis. Never a good sign.
                              The USB from the video has absolutely nothing to do with the script.
                              I don't want to be rude, but damn... it's way too easy to confuse people and let them believe what they want to believe.

                              Comment

                              • narsil
                                Enas
                                • Dec 2017
                                • 89
                                • france

                                #835
                                DELETED

                                Comment

                                • SMDFlea
                                  Super Moderator
                                  • Jan 2018
                                  • 22275
                                  • UK

                                  #836
                                  Originally posted by narsil
                                  DELETED
                                  LINK DELETED. STOP POSTING SHIT !!!!!!!
                                  All donations to badcaps are welcome, click on this link to donate. Thanks to all supporters

                                  Comment

                                  • Andromedus_81
                                    Senior Member
                                    • Aug 2023
                                    • 67
                                    • United Kingdom

                                    #837
                                    Hello

                                    Any solution for MEC 1723 on Lenovo ThinkPad X13 Gen 4? Can I use this method? If not, is it possible to read using SVOD 4 and modify the firmware to remove the password?

                                    Comment

                                    • danito
                                      Badcaps Legend
                                      • Jun 2016
                                      • 1259
                                      • Romania

                                      #838
                                      Originally posted by Andromedus_81
                                      Hello

                                      Any solution for MEC 1723 on Lenovo ThinkPad X13 Gen 4? Can I use this method? If not, is it possible to read using SVOD 4 and modify the firmware to remove the password?
                                      No

                                      Comment

                                      • Andromedus_81
                                        Senior Member
                                        • Aug 2023
                                        • 67
                                        • United Kingdom

                                        #839
                                        Thank you danito. Can it be read with another programmer and reprogrammed?

                                        Comment

                                        • Pferd5
                                          Senior Member
                                          • Mar 2018
                                          • 78
                                          • USA

                                          #840
                                          There is only the new paid service on eBay from Germany / for Europe.

                                          Comment
