IGEL OS Use of a Key Past its Expiration Date Vulnerability (CVE-2025-47827)
IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
An attacker, without authentication, can achieve partial data exposure, complete denial of service or system unavailability. Federal agencies are required to remediate by 2025-11-04 under CISA BOD 22-01.
This is a Software Vulnerability (CWE-347) (CWE-347) vulnerability in IGEL IGEL OS. In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. Exploitation requires physical access, low attack complexity, no authentication required, and no user interaction required.
Probably yes if any of these apply:
Affected OS versions
Active exploitation documented in the wild. Threat-research write-up: https://github.com/Zedeldi/CVE-2025-47827
Manual remediation steps
Apply the Vendor Patch
This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.
CISA required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
References
Per-OS KB reference
Per-Windows-Server-version KB mapping for this vulnerability. Each KB is the cumulative update that contains the fix for the listed OS version. Apply the KB for the OS you are running.
| Windows Server version | Cumulative update | Microsoft Update Catalog | |---|---|---| | Windows Server 2012 R2 | KB5066873 | https://catalog.update.microsoft.com/Search.aspx?q=KB5066873 | | Windows Server 2016 | KB5066836 | https://catalog.update.microsoft.com/Search.aspx?q=KB5066836 | | Windows Server 2019 | KB5066586 | https://catalog.update.microsoft.com/Search.aspx?q=KB5066586 | | Windows Server 2022 | KB5066782 | https://catalog.update.microsoft.com/Search.aspx?q=KB5066782 | | Windows Server 2025 | KB5066835 | https://catalog.update.microsoft.com/Search.aspx?q=KB5066835 |
This per-OS KB table was added 2026-05-21 from MSRC ingestion data. Verify each KB against the live MSRC advisory for your environment.
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
References
Related vulnerabilities
KB5000871: Windows Server 2016 / 2019 Security Update (May 2026)
Microsoft Exchange Server
CVE-2021-26855
MEDIUM6.5Microsoft Defender for Identity Improper Authentication — Spoofing (CVE-2025-26685)
Microsoft Defender for Identity
CVE-2025-26685
HIGHIIS Security Updates Require Both Windows Update and Manual Configuration Review
Microsoft IIS