Gigabyte Motherboard Vulnerabilities: Persistent Malware Risk and Recommendations

  • Multiple serious vulnerabilities affect more than 240 Gigabyte motherboards with Intel chipsets.
  • Persistent malware can remain on the system even after it is formatted.
  • Many older models may not receive security updates.
  • Updating your firmware and checking Gigabyte's official listings is essential.


This is an important warning for users of Gigabyte motherboards, one of the most widely used brands in desktop computers and workstations. Cybersecurity researchers have identified critical vulnerabilities in the UEFI firmware of hundreds of board models, especially those with Intel chipsets ranging from the sixth to the eleventh generation.

The problem lies in the UEFI firmware, the low-level software responsible for system boot, which operates with very high privileges. The discovered vulnerabilities allow an attacker with administrator access, whether local or remote, to run arbitrary code right at the machine's startup, a point where conventional security tools, such as antivirus, cannot intervene.

What are the discovered vulnerabilities?

Experts have identified several bugs labeled as CVE-2025-7026, CVE-2025-7027, CVE-2025-7028 and CVE-2025-7029, all of them with a high severity on the CVSS scale (8.2 out of 10). These vulnerabilities reside in privilege management and the handling of the System Management RAM (SMRAM) and the System Management Mode (SMM) firmware, extremely sensitive areas of the system.

An attacker who manages to exploit one of these flaws could introduce persistent malware (a bootkit) on the computer, invisible even to the most advanced security systems and capable of surviving formatting and reinstallation of the operating system. In practice, it is a backdoor that is almost impossible to close if the manufacturer does not correct the problem.

  • CVE-2025-7029: Privilege escalation in SMM mode.
  • CVE-2025-7028: Read/write access to SMRAM for code injection.
  • CVE-2025-7027: Ability to modify firmware by writing to SMRAM.
  • CVE-2025-7026: Allows persistent takeover of the device via SMRAM.

The seriousness of the situation lies in the fact that these attacks can be executed before the operating system starts, even bypassing Secure Boot. An infected computer could therefore be completely compromised, with no easy remedy if the motherboard doesn't receive security updates.

Which Gigabyte models are affected?

The research, led by companies and universities specializing in computer security, has found that more than 240 Gigabyte motherboard models distributed between 2017 and 2021 may be affected. All are models for Intel processors, with chipsets from the 100 to 500 series, as well as some H110 models. It is estimated that many of these devices no longer receive official support, which exacerbates the impact of the discovery. Motherboards for AMD processors are not affected by these vulnerabilities.

What specific risks does this security breach pose?

The most worrying scenario is that an attacker installs malware at the UEFI level (a bootkit), which would give the attacker complete control over the computer: it could monitor activity, install spyware, or even prevent the system from starting. The most dangerous aspect is that these threats survive even formatting and reinstallation, because they reside in the device's firmware. While the likelihood of a home user being attacked is low, in business, government, or other environments where sensitive information is handled, the risk is high.

Furthermore, exploiting these vulnerabilities only requires that an attacker gain administrator privileges, which can be achieved by exploiting other flaws or through social engineering. Once inside, the malware can remain undetected for a long time while traditional security tools report no threats.

How do you know if your computer may be compromised?

The first step is to identify the exact model of your Gigabyte motherboard. To do this, you can use various system diagnostic tools or consult your computer's documentation. Once you have the model, go to Gigabyte's official support website and check whether there is a recent BIOS/UEFI update that fixes security flaws related to SMRAM or System Management Mode. In official statements, Gigabyte has published complete lists of affected models and, for supported models, the necessary updates.

If your board is on the list of devices that are already out of support (EOL), the recommendation is to take extreme precautions: avoid installing software from unreliable sources, limit physical and remote access, and, if the equipment is used in critical environments, consider replacing it with a more modern, updated model.
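
One way to script the check described above on Linux, as an added example that is not from the original article or from Gigabyte: it reads the board and BIOS identity from sysfs and classifies the machine against an advisory list. The entries in SAMPLE_ADVISORY are constructed placeholders to be replaced with Gigabyte's official list; the "-CF" suffix handling and the "F<number>" version format are assumptions.

```python
import re
from pathlib import Path

DMI_ROOT = "/sys/class/dmi/id"  # Linux sysfs view of the SMBIOS tables

# Constructed sample data, NOT Gigabyte's real list: model -> first fixed BIOS
# version, or None for a board listed as end-of-life with no fix planned.
SAMPLE_ADVISORY = {"EXAMPLE-BOARD-A": "F12", "EXAMPLE-BOARD-B": None}

def read_dmi(root=DMI_ROOT):
    """Read board and firmware identity from a DMI directory."""
    info = {}
    for field in ("board_vendor", "board_name", "bios_version", "bios_date"):
        path = Path(root) / field
        info[field] = path.read_text().strip() if path.is_file() else ""
    return info

def norm_model(name):
    # Assumption: the firmware may append "-CF" to the board name while the
    # vendor list omits it; compare upper-cased with single spaces.
    return re.sub(r"-CF$", "", " ".join(name.upper().split()))

def release_number(version):
    # Assumption: release versions look like "F12". Anything else (for
    # example an interim build with a letter suffix) is not ordered here.
    m = re.fullmatch(r"F(\d+)", version.strip(), re.IGNORECASE)
    return int(m.group(1)) if m else None

def assess(info, advisory):
    """Classify one machine against an advisory mapping."""
    if "gigabyte" not in info["board_vendor"].lower():
        return "not-gigabyte"
    listed = {norm_model(k): v for k, v in advisory.items()}
    model = norm_model(info["board_name"])
    if model not in listed:
        return "not-listed"
    fixed = listed[model]
    if fixed is None:
        return "eol-no-fix"
    have, need = release_number(info["bios_version"]), release_number(fixed)
    if have is None or need is None:
        return "check-manually"
    return "update-needed" if have < need else "at-or-above-fix"

if __name__ == "__main__":
    machine = read_dmi()
    print(machine, "->", assess(machine, SAMPLE_ADVISORY))
```

A result of at-or-above-fix only means the installed version is not older than the listed one; whether that release covers all four CVEs still has to be read from the vendor's notes for the model.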


What solutions has Gigabyte implemented and what do experts recommend?

Gigabyte has responded to the issue with the publication of new firmware versions for supported models, along with instructions for updating the system via the Q-Flash utility, accessible from the BIOS itself. In many cases, the update addresses up to three of the four identified vulnerabilities; however, some models have not yet received full patches.

Security firms recommend not delaying the firmware update, regardless of whether your motherboard shows signs of infection or not. It's essential to always download updates from the official Gigabyte website and carefully follow the manufacturer's instructions to avoid irreversible errors during the process.

In cases where the motherboard is no longer supported and there will be no update, experts advise considering a hardware replacement, especially if the machine is exposed to high risks or handles sensitive data.

These vulnerabilities in numerous Gigabyte models reinforce the importance of keeping your system, including your hardware, up-to-date and protected. While the risk may be considered low for home users, in business environments and organizations, it's essential to review the security of their infrastructures and apply recommended updates to avoid being targeted by increasingly sophisticated attacks.
