Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Insyde Software
Insydeh2o

Insyde Software InsydeH2O Vulnerabilities: CVEs, CISA KEV & Security Advisories

Insyde Software

11 CVEs

Insyde Software InsydeH2O Vulnerabilities

CVE security advisories and vulnerability history for InsydeH2O by Insyde Software.

11

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

0

Public exploits

With known exploit

7.6

Avg CVSS

2025–2025

Last updated December 12, 2025

Overview

Insyde Software InsydeH2O has 11 published CVE records since 2025, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 0 have a known public exploit. The average CVSS base score across scored CVEs is 7.6.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Insyde Software InsydeH2O, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list. Affected platforms include See in the Reference link, kernel 5.2, kernel 5.3, kernel 5.4, kernel 5.5, kernel 5.6.

Severity and exploitation

How the CVSS severity of Insyde Software InsydeH2O's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High9

Medium2

Low0

In CISA’s Known Exploited Vulnerabilities catalog

0

None of Insyde Software InsydeH2O's CVEs are currently listed in CISA's KEV catalog.

Public exploits

0

No Insyde Software InsydeH2O CVEs currently have a tracked public exploit.

Affected versions and CVEs

Browse every Insyde Software InsydeH2O version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

L05.05.40.011803.1720796 CVEs
05.2A.161 CVE
05.2A.211 CVE
05.39.161 CVE
05.39.181 CVE
05.39.211 CVE
05.47.161 CVE
05.47.181 CVE
05.47.211 CVE
05.55.161 CVE
05.55.181 CVE
05.55.211 CVE
05.62.161 CVE
05.62.181 CVE
05.62.211 CVE
05.71.161 CVE
05.71.181 CVE
05.71.211 CVE

Default status

All versions1 CVE

Find a version

11 CVEs

Sort

H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)
CVE-2025-10451CWE-787
High · CVSS 8.2
EPSS 0.0% (6th pct)2025-12-12
SetupUtility: A buffer overflow vulnerability leads to arbitrary code execution.
CVE-2025-4410
Patch
CWE-20
High · CVSS 7.5
EPSS 0.0% (6th pct)2025-08-13
Tcg2Smm: improper input validation may lead to arbitrary code execution
CVE-2025-4277
Patch
CWE-20
High · CVSS 7.5
EPSS 0.0% (8th pct)2025-08-13
UsbCoreDxe: improper input validation may lead to arbitrary code execution
CVE-2025-4276
Patch
CWE-20
High · CVSS 7.5
EPSS 0.0% (8th pct)2025-08-13
SetupAutomationSmm : SMRAM memory contents leak / information disclosure vulnerability in SMM module
CVE-2025-4426
Patch
CWE-200
Medium · CVSS 6.0
EPSS 0.1% (26th pct)2025-07-30
SetupAutomationSmm: Stack overflow vulnerability in SMI handler
CVE-2025-4425
Patch
CWE-121
High · CVSS 8.2
EPSS 0.1% (26th pct)2025-07-30
SetupAutomationSmm : Arbitrary calls to SmmSetVariable with unsanitised arguments in SMI handler
CVE-2025-4424
Patch
CWE-20
Medium · CVSS 6.0
EPSS 0.1% (26th pct)2025-07-30
SetupAutomationSmm:Vulnerability in the SMM module allow attacker to write arbitrary code and lead to memory corruption
CVE-2025-4423
Patch
CWE-119
High · CVSS 8.2
EPSS 0.1% (26th pct)2025-07-30
EfiSmiServices : EfiPcdProtocol, SMM memory corruption vulnerabilities in SMM module
CVE-2025-4422
Patch
CWE-787
High · CVSS 8.2
EPSS 0.1% (26th pct)2025-07-30
EfiSmiServices: gEfiSmmCpuProtocol, SMM memory corruption vulnerabilities in SMM module
CVE-2025-4421
Patch
CWE-787
High · CVSS 8.2
EPSS 0.1% (26th pct)2025-07-30
SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate
CVE-2025-4275
Patch
High · CVSS 7.8
EPSS 0.1% (22th pct)2025-06-11

Common weakness types

The CWE weakness categories most often found in Insyde Software InsydeH2O CVEs. Follow any weakness for its full explanation.

CWE-20Improper Input Validation4 CVEs
CWE-787Out-of-bounds Write3 CVEs
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer1 CVE
CWE-121Stack-based Buffer Overflow1 CVE
CWE-200Exposure of Sensitive Information to an Unauthorized Actor1 CVE

Other Insyde Software products

Browse vulnerabilities for other products by Insyde Software.

InsydeH2O tools4 CVEs

All Insyde Software vulnerabilities

Frequently asked questions

Common questions about Insyde Software InsydeH2O vulnerabilities.

How many CVEs does Insyde Software InsydeH2O have?

Insyde Software InsydeH2O has 11 published CVE records since 2025.

How many Insyde Software InsydeH2O CVEs are in CISA KEV?

None of Insyde Software InsydeH2O's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for Insyde Software InsydeH2O vulnerabilities?

No Insyde Software InsydeH2O CVEs currently have a tracked public exploit in this dataset.

Which versions of Insyde Software InsydeH2O are affected?

19 distinct Insyde Software InsydeH2O versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in Insyde Software InsydeH2O CVEs?

Insyde Software InsydeH2O's CVEs most often map to these CWE weakness types: CWE-20 (Improper Input Validation), CWE-787 (Out-of-bounds Write), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow).

What is the average severity of Insyde Software InsydeH2O CVEs?

The average CVSS base score across Insyde Software InsydeH2O's scored CVEs is 7.6.

References

All Insyde Software vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Insyde Software InsydeH2O vulnerabilities

Monitor new Insyde Software InsydeH2O vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Other products
FAQ
References