BIOS security update closes malicious code gap in HP PCs
Attackers can compromise numerous HP PC models. However, attacks are not straightforward.
If you own a computer from HP, you should update the BIOS for security reasons. Otherwise, attackers can target the system and, in the worst case, execute malicious code.
Attack with hurdles
In a warning message from HP, the vulnerability (CVE-2025-5477) is listed with a threat level of "high". According to the message, successful attacks can have various effects. For example, attackers can access information that is supposed to be protected or even execute their own code. The latter usually leads to PCs being completely compromised.
However, the brief description of the vulnerability makes clear that attacks are not readily possible. According to the description, attackers need physical access to a device, and special equipment and expertise are also required. It is not yet known how an actual attack could take place. It is also currently unclear whether attacks are already taking place and how to recognize a system that has already been successfully attacked.
Security patch
The vulnerable models are listed in the warning message. These include models from the following HP series:
- Business notebooks from the Dragonfly series, for example
- Business desktop PCs from the Elite series, for example
- Retail point-of-sale systems (POS), for example from the Engage Flex series
- Thin client PCs from the mt21 series, for example
Whether workstations are at risk is still being investigated. HP supplies the security updates as software packages (SoftPaqs). Listing them all is beyond the scope of this article. Owners of affected PCs must look up their model in the warning message, then download and install the relevant security update.
(des)