CVE-2025-36755 (GCVE-0-2025-36755)

Vulnerability from cvelistv5 – Published: 2025-12-12 14:58 – Updated: 2025-12-13 08:16
VLAI?
Title
CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard
Summary
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.
Severity ?
2.4 (Low)
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/V:D/RE:L/U:Green
CWE
  • CWE-1244 - Internal Asset Exposed to Unsafe Debug Access Level or State
  • CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
Assigner
References
Impacted products
Vendor Product Version
CleverDisplay B.V. BlueOne (CleverDisplay Hardware Player) Affected: 12.11.1 (semver)
Unaffected: 12.12.1 , ≤ * (semver)
Create a notification for this product.
Credits
Alwin Warringa, Tom Dantuma, Ruben Meeuwissen, and Ramon Dunker. Dennis Kussendrager (DIVD) Victor Pasman (DIVD)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-12T18:50:02.532239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-12T18:50:19.575Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "Enclosure / USB keyboard interface / BIOS \u0026 GRUB boot process"
          ],
          "product": "BlueOne (CleverDisplay Hardware Player)",
          "vendor": "CleverDisplay B.V.",
          "versions": [
            {
              "status": "affected",
              "version": "12.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "12.12.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alwin Warringa, Tom Dantuma, Ruben Meeuwissen, and Ramon Dunker."
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Dennis Kussendrager (DIVD)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Victor Pasman  (DIVD)"
        }
      ],
      "datePublic": "2025-08-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\u2019s protective enclosure, it was possible to connect a USB keyboard and press \u003cstrong\u003eESC\u003c/strong\u003e during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations."
            }
          ],
          "value": "The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\u2019s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Proof-of-concept demonstrated by researchers at WHY2025; exploitation confirmed limited to BIOS access without ability to modify settings.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Proof-of-concept demonstrated by researchers at WHY2025; exploitation confirmed limited to BIOS access without ability to modify settings."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-522",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-522 Malicious Hardware Component Replacement"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "NOT_DEFINED",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/V:D/RE:L/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1244",
              "description": "CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1191",
              "description": "CWE-1191: On-Chip Debug and Test Interface With Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-13T08:16:14.495Z",
        "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "shortName": "DIVD"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/CVE-2025-5743/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://csirt.divd.nl/DIVD-2025-00043"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "BlueOne firmware version 12.2.1 introduces default BIOS password protection and Secure Boot enablement, preventing unauthorized BIOS access."
            }
          ],
          "value": "BlueOne firmware version 12.2.1 introduces default BIOS password protection and Secure Boot enablement, preventing unauthorized BIOS access."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
    "assignerShortName": "DIVD",
    "cveId": "CVE-2025-36755",
    "datePublished": "2025-12-12T14:58:22.970Z",
    "dateReserved": "2025-04-15T21:54:36.815Z",
    "dateUpdated": "2025-12-13T08:16:14.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-36755\",\"sourceIdentifier\":\"csirt@divd.nl\",\"published\":\"2025-12-12T15:15:53.433\",\"lastModified\":\"2025-12-12T15:17:31.973\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\u2019s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:D/RE:L/U:Green\",\"baseScore\":2.4,\"baseSeverity\":\"LOW\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NEGLIGIBLE\",\"Automatable\":\"NO\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"LOW\",\"providerUrgency\":\"GREEN\"}}]},\"weaknesses\":[{\"source\":\"csirt@divd.nl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1191\"},{\"lang\":\"en\",\"value\":\"CWE-1244\"}]}],\"references\":[{\"url\":\"https://csirt.divd.nl/CVE-2025-5743/\",\"source\":\"csirt@divd.nl\"},{\"url\":\"https://csirt.divd.nl/DIVD-2025-00043\",\"source\":\"csirt@divd.nl\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-36755\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-12T18:50:02.532239Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-12T18:50:12.194Z\"}}], \"cna\": {\"title\": \"CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Alwin Warringa, Tom Dantuma, Ruben Meeuwissen, and Ramon Dunker.\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Dennis Kussendrager (DIVD)\"}, {\"lang\": \"en\", \"type\": \"analyst\", \"value\": \"Victor Pasman  (DIVD)\"}], \"impacts\": [{\"capecId\": \"CAPEC-522\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-522 Malicious Hardware Component Replacement\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NEGLIGIBLE\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 2.4, \"Automatable\": \"NO\", \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"LOW\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/V:D/RE:L/U:Green\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"CleverDisplay B.V.\", \"modules\": [\"Enclosure / USB keyboard interface / BIOS \u0026 GRUB boot process\"], \"product\": \"BlueOne (CleverDisplay Hardware Player)\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.11.1\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"12.12.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"*\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Proof-of-concept demonstrated by researchers at WHY2025; exploitation confirmed limited to BIOS access without ability to modify settings.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Proof-of-concept demonstrated by researchers at WHY2025; exploitation confirmed limited to BIOS access without ability to modify settings.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"BlueOne firmware version 12.2.1 introduces default BIOS password protection and Secure Boot enablement, preventing unauthorized BIOS access.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"BlueOne firmware version 12.2.1 introduces default BIOS password protection and Secure Boot enablement, preventing unauthorized BIOS access.\", \"base64\": false}]}], \"datePublic\": \"2025-08-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://csirt.divd.nl/CVE-2025-5743/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://csirt.divd.nl/DIVD-2025-00043\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\\u2019s protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device\\u2019s protective enclosure, it was possible to connect a USB keyboard and press \u003cstrong\u003eESC\u003c/strong\u003e during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1244\", \"description\": \"CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1191\", \"description\": \"CWE-1191: On-Chip Debug and Test Interface With Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"shortName\": \"DIVD\", \"dateUpdated\": \"2025-12-13T08:16:14.495Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-36755\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-13T08:16:14.495Z\", \"dateReserved\": \"2025-04-15T21:54:36.815Z\", \"assignerOrgId\": \"b87402ff-ae37-4194-9dae-31abdbd6f217\", \"datePublished\": \"2025-12-12T14:58:22.970Z\", \"assignerShortName\": \"DIVD\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.