Four UEFI Flaws in GIGABYTE Motherboards Expose 240+ Models to Persistent Bootkits

All four bugs originate in American Megatrends (AMI) reference code; the fixes were quietly shared with OEM partners under non-disclosure agreements earlier this year. Although GIGABYTE customizes that base firmware, it did not pass the necessary fixes along to end users. Binarly alerted CERT/CC on April 15, and GIGABYTE confirmed receipt on June 12, but no public advisory appeared until BleepingComputer reporters inquired on Monday.

Users should visit GIGABYTE's support page to find and install the updated BIOS versions using the Q-Flash utility, and then re-enable Secure Boot. Devices that GIGABYTE has declared end of life may never see a patch. The company also states that only Intel-based boards are affected, leaving AMD boards untouched. Users can also run Binarly's free Risk Hunt scanner to check for exposure.

According to Binarly CEO Alex Matrosov, these vulnerabilities highlight how inherited reference-code flaws can quietly spread through the hardware supply chain.
