Security researchers have uncovered new firmware threats affecting hundreds of Gigabyte motherboards. This flaw allows bad actors to implement bootkit malware that is invisible to the operating system and thus can survive reinstalls. In light of this, users with affected motherboards are encouraged to update their UEFI BIOS as soon as possible.
Firmware security firm Binarly has disclosed four serious vulnerabilities in the UEFI (Unified Extensible Firmware Interface) of over 240 different Gigabyte motherboards, putting users at risk of undetectable attacks. These include revisions, variants, and region-specific models, with firmware updated between late 2023 and mid-August 2024.
Labelled as CVE-2025-7029, CVE-2025-7028, CVE-2025-7027, and CVE-2025-7026, these flaws carry a high severity score of 8.2 on the CVSS scale since they reside in the System Management Mode (SMM). They open the gates for attackers with local or remote admin permissions to execute code with high privileges on the machine. With such access to operating mode on x86 processors, potential attackers can inject their payloads before any operating system starts, rendering it undetectable by traditional protection tools.
To make matters worse, this malicious implant can remain hidden beneath the operating system, even surviving disk wipes and Secure Boot checks. In other words, the attacker can maintain control over the machine even after aggressive attempts at cleaning it. Below, you can find more details about the effects of each one.
- CVE-2025-7029: A bug in an SMI handler (OverClockSmiHandler) that can lead to SMM privilege escalation.
- CVE-2025-7028: A bug in an SMI handler (SmiFlash) gives read/write access to the System Management RAM (SMRAM), which can lead to malware installation.
- CVE-2025-7027: Can lead to SMM privilege escalation and modifying the firmware by writing arbitrary content to SMRAM.
- CVE-2025-7026: Allows arbitrary writes to SMRAM and can lead to privilege escalation to SMM and persistent firmware compromise.
Note that while all four bugs are present in Gigabyte’s motherboards, the flaw lies with American Megatrends Inc (AMI) reference code. Furthermore, reports indicate products from other brands may also be vulnerable to the same attacks.
Gigabyte shares these vulnerabilities impact that Intel H110, Z170, H170, B150, Q170, Z270, H270, B250, Q270, Z370, B365, Z390, H310, B360, Q370, C246, Z490, H470, H410, W480, Z590, B560, H510, and Q570 motherboards. AMD motherboards are not at risk.
Customers using one of the affected chipsets should update their boards to the latest BIOS versions as soon as they become available. Unfortunately, some of these products are no longer supported, meaning that there may not be any updates for them. That said, Gigabyte encourages owners of such models to contact support.
The update process is fairly simple using the brand’s Q-Flash utility, even for novices, and guides are also available for those going through this for the first time. So, there is no reason to remain at risk, as low as it may be for a home user.
