Just read this. All other Framework computers are listed, but not 12.
Just got an email saying that the Framework 12 has a BIOS update to 3.06 that covers CVE-2025-4275, and the Framework 12 Intel 13th Gen BIOS page lists it now as well. The update is not showing up on the Linux side (in fwupdate) for me yet.
Update: apologies; this seems to be a different (but very similar) vulnerability called “hydroph0bia” under the listed CVE-2025-4275.
Is Framework 12 vulnerable to the new UEFI “mm” Secure Boot bypass?
I saw the HDblog article and the Eclypsium research about a UEFI shell vulnerability that allows Secure Boot bypass via an “mm” (memory modify) command. According to Eclypsium:
- Many Framework systems shipped with signed UEFI shells containing “mm” that allow direct memory access.
- Attackers could use that to overwrite Secure Boot variables such as gSecurity2 and disable verification.
- About 200,000 Framework units running Linux may be affected.
- Framework is reportedly working on firmware patches.
However, I did not find any public statement confirming that Framework 12 is either vulnerable or safe. The Eclypsium list focuses on Framework 13 and desktop models; Framework 12 is not mentioned. So:
- We cannot assume Framework 12 is safe.
- Unless Framework explicitly states so, it’s safer to consider it potentially affected.
- If you own a Framework 12, check for firmware updates, BIOS changelog, or query the manufacturer directly.
Does anyone here have confirmation (from Framework or verified firmware patches) that Framework 12 is safe or patched, especially with the new 3.06 BIOS?
Also asked about previously over in this thread.