Friday, May 2, 2025
HomeCVE/vulnerabilityClevo Devices Vulnerable as Boot Guard Private Key Leaks via Firmware Updates

Clevo Devices Vulnerable as Boot Guard Private Key Leaks via Firmware Updates

Published on

SIEM as a Service

Follow Us on Google News

A recent investigation has revealed that several Clevo-based devices are vulnerable due to a leak of Boot Guard private keys.

This vulnerability was first reported on the Win-Raid forum and involves firmware updates containing sensitive Boot Guard Key Manifest (KM) and Boot Policy Manifest (BPM) private keys.

Boot Guard is a security technology used by Intel to ensure that only authorized firmware is executed during system boot, preventing unauthorized code from running.

- Advertisement - Google News
The discovery of Boot Guard private keys used in Clevo devices on the Win-Raid forum.
The discovery of Boot Guard private keys used in Clevo devices on the Win-Raid forum.

However, if the private keys associated with this technology are leaked, attackers can use them to sign malicious firmware images that bypass Boot Guard’s security checks.

Investigation Details

The Binarly Research team, known for their work in uncovering UEFI ecosystem vulnerabilities, was alerted to the issue after a post on the Win-Raid forum detailed the discovery of Boot Guard key manifests in firmware updates for Clevo devices.

Upon investigation, the team confirmed that two private keys were embedded within the BootGuardKey.exe binary and standalone files.

UEFITool showing the BootGuard Key Manifest embedded in a Clevo firmware image
UEFITool showing the BootGuard Key Manifest embedded in a Clevo firmware image

These keys matched the modules used in a Clevo firmware image, effectively allowing malicious firmware to bypass Boot Guard validation.

To understand the extent of this vulnerability, Binarly integrated the leaked keys into their Transparency Platform for an ecosystem-wide scan.

The results were surprising, revealing 15 firmware images across 10 unique devices that used these compromised keys. Notably, these devices included recently released models like the Gigabyte G6X 9KG from 2025.

While the leak does not appear to affect other major vendors, the potential reach is significant due to Clevo’s role as an original design manufacturer (ODM) for several brands.

Affected Devices

The following devices have firmware images containing the leaked keys:

  • XPG Xenia 15G G2303_V1.0.8 (Clevo, Insyde)
  • Gigabyte G5 KE (Clevo, Insyde)
  • Gigabyte G5 KF 2024 (Clevo, Insyde)
  • Gigabyte G5 KF5 2024 (Clevo, Insyde)
  • Gigabyte G5 ME (Clevo, Insyde)
  • Gigabyte G6 KF (Clevo, Insyde)
  • Gigabyte G6X 9KG 2024 (Clevo, Insyde)
  • Gigabyte G7 KF (Clevo, Insyde)
  • Notebook System Firmware 1.07.07TRO1 (Clevo, Insyde)

Binarly reported the vulnerability to CERT/CC on February 28, 2025, but the case was closed shortly after without a detailed explanation.

affected by this Boot Guard private key leak
affected by this Boot Guard private key leak

The leak highlights the interconnected risks within the UEFI ecosystem, where a single key compromise can affect multiple devices across different vendors.

Recommendations

  • Users of affected devices should monitor for firmware updates that address this vulnerability.
  • Manufacturers should conduct thorough security audits to prevent similar leaks in the future.
  • The broader UEFI community should remain vigilant for signs of compromised security keys and collaborate to strengthen security standards.

The leak of Boot Guard private keys in Clevo firmware updates presents a significant security risk, underscoring the need for robust security practices across the entire UEFI ecosystem.

Are you from SOC/DFIR Teams? – Analyse Malware, Phishing Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...