
IGEL OS secure boot bypass, actively exploited (CVE-2025-47827)

Type: Vulnerability · Happening score: 53 · 1 unique source, 1 article

Summary


CVE-2025-47827 is an actively exploited secure boot bypass in IGEL OS that can undermine the trust boundary on virtual desktop endpoints. The flaw matters because an attacker who bypasses secure boot can deploy a kernel-level rootkit and then tamper with the virtual desktop session, including capturing credentials. A proof of concept has reportedly been available since May, making abuse easier. The attack is not remote and usually requires physical access, so evil-maid scenarios are the main concern.

Related Happenings

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
First: 02.04.2026 11:25 · Last: 02.04.2026 11:25 · Sources: 1

About this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...

BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave

Exploitation Wave
First: 12.02.2026 23:34 · Last: 12.02.2026 23:34 · Sources: 1

About this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...

HPE OneView RondoDox exploitation wave (CVE-2025-37164)

Exploitation Wave
First: 16.01.2026 11:15 · Last: 16.01.2026 11:15 · Sources: 1

About this happening: **RondoDox** has driven a **large-scale exploitation wave** against **HPE OneView** by targeting **CVE-2025-37164**, with activity escalating into **automated attacks** that creat...

WireTap memory-bus interposer analysis breaks Intel SGX attestation on DDR4 systems

Technical Analysis
First: 01.10.2025 20:20 · Last: 01.10.2025 20:20 · Sources: 1

About this happening: Researchers demonstrated **WireTap**, a **memory-bus interposer** attack that can extract **Intel SGX attestation keys** on **DDR4 systems**, undermining enclave confidentiality a...

VMware Aria Operations and VMware Tools CVE-2025-41244 exploitation wave

Exploitation Wave
First: 30.09.2025 17:54 · Last: 30.09.2025 17:54 · Sources: 1

About this happening: A **CVE-2025-41244** exploitation wave has affected **VMware Aria Operations** and **VMware Tools** since **mid-October 2024**, creating **privilege-escalation** risk on vulnerabl...

Latest development: 31.10.2025 09:09

CISA added CVE-2025-41244 affecting Broadcom VMware Tools and VMware Aria Operations to the KEV catalog after reports of active exploitation in the wild. Broadcom had already addressed the flaw, which NVISO Labs says was abused as a zero-day since mid-October 2024 to escalate a local actor to root on vulnerable VMs. Federal Civilian Executive Branch agencies must apply mitigations by November 20, 2025.

Timeline

  1. 15.10.2025 12:45 · 2 articles

    IGEL OS secure boot bypass is actively exploited

    Initial Disclosure

    Microsoft’s October Patch Tuesday update lists CVE-2025-47827 as an actively exploited secure boot bypass in IGEL OS, a third-party operating system used for virtual desktop infrastructure. A proof of concept has reportedly been available since May, and exploitation typically requires physical access, making evil-maid style attacks the most likely vector for affected IGEL OS endpoints.
