Cybersecurity experts just found a flaw in the UEFI firmware that many modern motherboards use. The “bug” could let attackers do direct memory access (DMA) attacks on systems, which may enable unauthorized users to gain deep and persistent access to affected systems under certain conditions, and the worst part is that it affects boards from several major manufacturers, including Gigabyte, MSI, ASUS, and ASRock.
To give you context, the PC motherboard contains low-level software called UEFI, or Unified Extensible Firmware Interface, which securely starts the operating system and initializes hardware components. One of its primary security obligations is to enable the Input-Output Memory Management Unit (IOMMU), a hardware-based isolation mechanism that is intended to safeguard system memory. If set up correctly, the IOMMU stops external devices from reading or writing to random parts of system RAM.
Components such as PCIe expansion cards, Thunderbolt peripherals, GPUs, and similar hardware that can access memory directly without passing through the CPU are included in DMA-capable devices. Malicious or compromised hardware can have less of an impact because these devices are limited to particular memory regions if the IOMMU is operational and properly initialized.
The recently discovered vulnerability is caused by the wrong way this protection was set up; in affected motherboards, the UEFI firmware says that DMA protection is on, even though the IOMMU was never fully or correctly set up, and then the operating system consequently assumes that memory protections are implemented, even though they are not actively enforced.
The issue is being tracked under multiple vulnerability identifiers: CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304, as motherboard vendors implement UEFI features differently.
Researchers at Riot Games, the developer of well-known multiplayer games like League of Legends and Valorant, were the first ones to identify the vulnerability. Vanguard, Riot’s anti-cheat system, is implemented at the kernel level and incorporates safeguards that are intended to prevent unauthorized system manipulation. Valorant may be prevented from launching on systems that are affected by this specific flaw, as it detects an unsafe hardware security state.
There is an important limitation to think about, even though the possible effect could be terrible: the ability to physically access the system and connect a malicious PCIe or similar device before the operating system boots up are prerequisites for a DMA attack. Consequently, the probability of widespread exploitation is substantially diminished, particularly for residential users.
Users are being advised to monitor updates from their motherboard manufacturers and apply any available firmware patches. Updating the UEFI firmware is still essential to preserving system security, particularly in light of the ongoing evolution of hardware-level attacks.
Filed in . Read more about Asus, Cybersecurity, Gigabyte, Msi and Security.