Cyber Posture

CVE-2024-33659

High

Published: 11 February 2025
Modified: 02 October 2025
KEV Added: (not listed)
Patch: (not listed)
CVSS Score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0007 (20.1st percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

AMI APTIOV contains an improper input validation vulnerability in the BIOS that can be triggered by a local attacker. Successful exploitation may lead to overwriting arbitrary memory and executing arbitrary code at the SMM level, impacting confidentiality, integrity, and availability.

Security Summary

CVE-2024-33659 is an improper input validation vulnerability (CWE-20) in the AMI APTIOV BIOS firmware. It affects systems that ship this BIOS component, where insufficient validation allows a local attacker to supply malformed input to firmware code.

A local attacker with low privileges (AV:L/AC:L/PR:L) can exploit the vulnerability without user interaction (UI:N). Successful exploitation enables overwriting arbitrary memory and executing arbitrary code at the System Management Mode (SMM) level. The scope is rated as changed (S:C) because code running in SMM sits below the operating system and hypervisor, so the impact extends to the whole platform rather than the BIOS component alone, compromising confidentiality, integrity, and availability (CVSS:3.1 score of 8.8: C:H/I:H/A:H).

AMI security advisory AMI-SA-2025002 details the issue and provides mitigation guidance and patching information; it is available at https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2025/AMI-SA-2025002.pdf. Since the flaw lives in platform firmware, remediation means applying the OEM's updated BIOS image rather than an operating-system patch.

Details

CWE(s): CWE-20 (Improper Input Validation)

Affected Products

Vendor: AMI
Product: Aptio V
Versions: 5.0 through 5.038

References