A new malware is infecting Gigabyte motherboards – and there likely won't be a fix any time soon


  • Binarly spotted multiple flaws in UEFI firmware built by AMI
  • AMI released fixes months ago, so users should update now
  • Many Gigabyte motherboards have reached EOL and thus won't be patched

UEFI firmware on dozens of Gigabyte motherboards is vulnerable to a handful of flaws which theoretically allow threat actors to deploy bootkits on compromised devices, establish stubborn persistence and execute additional malicious code remotely, experts have warned.

Security researchers Binarly recently discovered four vulnerabilities in UEFI firmware developed by American Megatrends Inc. (AMI). All four have a high severity score (8.2/10), and can lead to privilege escalation, malware installation, and other potentially destructive outcomes. They are tracked as CVE-2025-7026, CVE-2025-7027, CVE-2025-7028, and CVE-2025-7028.

Binarly reported its findings to Carnegie Mellon CERT/CC in mid-April 2025, resulting in AMI acknowledging the findings and releasing a patch in mid-June. The patch was pushed to OEMs privately, but apparently Gigabyte did not implement it at the time.

Hundreds of motherboard models affected

More than 240 motherboard models are apparently impacted by these flaws.

Many won’t be patched at all because they have reached end of life, and as such, are no longer supported by Gigabyte. Instead, users worried about the vulnerabilities should upgrade their hardware to newer, supported versions.

Products from other OEMs are also said to be affected by these flaws, but until a patch is applied, their names will not be publicized.

UEFI firmware is low-level code that runs beneath the operating system. Its job is to initialize the hardware (CPU, memory, storage) and then hand off control to the OS. When this code has flaws, threat actors can exploit them to install so-called “bootkits”, stealthy malware that loads at boot time, before the OS.

Because they run in privileged environments, bootkits can evade antivirus tools, and even survive OS reinstalls and disk replacements. This makes them highly persistent and dangerous, especially in high-security environments. The good news is that exploiting these vulnerabilities often requires admin access, which is not that easily obtainable.
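
For readers who want to check their own machines, the sketch below (an added example, not code from Binarly, AMI or Gigabyte) reads the board and firmware identity that Linux exposes under /sys/class/dmi/id and flags Gigabyte boards whose AMI firmware was built before the fix existed. The 1 June 2025 cutoff is an assumption derived from the mid-June patch date above; the status names and sample records are constructed.

```python
"""Firmware triage from Linux DMI data (added example, not from the article)."""
from datetime import date, datetime
from pathlib import Path

DMI_DIR = Path("/sys/class/dmi/id")  # standard Linux sysfs location for SMBIOS data
FIELDS = ("board_vendor", "board_name", "bios_vendor", "bios_version", "bios_date")
# Assumption: the article only says AMI shipped its fix in "mid-June" 2025, so an
# image built before 1 June 2025 cannot contain it. A later date proves nothing.
FIX_EARLIEST = date(2025, 6, 1)


def read_dmi(root=DMI_DIR):
    """Read the DMI fields from sysfs; missing or unreadable files become ''."""
    info = {}
    for name in FIELDS:
        try:
            info[name] = (Path(root) / name).read_text().strip()
        except OSError:
            info[name] = ""
    return info


def triage(info):
    """Classify one DMI record. Statuses are labels invented for this example."""
    if "gigabyte" not in info.get("board_vendor", "").lower():
        return "not-gigabyte"        # other OEMs are not named in the article
    if "american megatrends" not in info.get("bios_vendor", "").lower():
        return "gigabyte-non-ami"    # the flaws are in AMI-built firmware
    try:
        built = datetime.strptime(info.get("bios_date", ""), "%m/%d/%Y").date()
    except ValueError:
        return "unknown-date"        # blank or malformed release date
    # An old build date means "cannot contain the fix", not "confirmed
    # vulnerable": the model must still be on the vendor's affected list.
    return "predates-fix" if built < FIX_EARLIEST else "verify-with-vendor"


# Constructed sample records (placeholder board names, not real inventory).
SAMPLES = [
    {"board_vendor": "Gigabyte Technology Co., Ltd.", "board_name": "EXAMPLE-A",
     "bios_vendor": "American Megatrends Inc.", "bios_date": "03/14/2019"},
    {"board_vendor": "Gigabyte Technology Co., Ltd.", "board_name": "EXAMPLE-B",
     "bios_vendor": "American Megatrends International, LLC.", "bios_date": "07/20/2025"},
    {"board_vendor": "Example Corp", "board_name": "EXAMPLE-C",
     "bios_vendor": "American Megatrends Inc.", "bios_date": "01/02/2020"},
]

if __name__ == "__main__":
    local = read_dmi()
    print(local.get("board_name") or "(unknown board)", "->", triage(local))
```

A "predates-fix" result on a board that has reached end of life is the case the article describes as having no patch coming.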

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
