HP PCs: Attackers can gain higher privileges via UEFI vulnerabilities

HP computers are vulnerable through several flaws in UEFI and in Device Manager.

Admins who manage PCs with HP Device Manager should update the application for security reasons. Furthermore, the developers have closed several BIOS vulnerabilities.

Various HP computers can be attacked through a total of six UEFI security vulnerabilities. If attacks are successful, attackers can gain higher user privileges (e.g., CVE-2025-20064, rated “high”). The affected models and links to the security patches can be found in a warning message.

The device management software Device Manager is vulnerable through several flaws in components such as Curl (CVE-2023-38545, rated “critical”), OpenSSL (CVE-2025-9230, rated “high”), and Tomcat (CVE-2025-52434, rated “high”). In the worst case, malicious code can get onto systems. In a warning message, the developers state that HP Device Manager 5.0.16 is secured against the described attacks.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.