CVE-2025-36755

CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard

CVE CVE-2025-36755
Title CleverDisplay BlueOne unauthorized BIOS access through physical USB keyboard
Credits
  • Alwin Warringa, Tom Dantuma, Ruben Meeuwissen, and Ramon Dunker. (finder)
  • Dennis Kussendrager (DIVD) (analyst)
  • Victor Pasman (DIVD) (analyst)
Affected products
Product CleverDisplay B.V. BlueOne (CleverDisplay Hardware Player)
Affected = 12.11.1 (semver)
Unaffected >= 12.12.1 to < * (semver)
Unknown everything else
CVSS
Base score 2.4 - LOW
Attack Vector PHYSICAL
Attack Complexity LOW
Attack Requirements NONE
Privileges Required NONE
Confidentiality Impact Vulnerable system LOW; Subsequent systems NONE
Integrity Impact Vulnerable system NONE; Subsequent systems NONE
Availability Impact Vulnerable system NONE; Subsequent systems NONE
Safety impact NEGLIGIBLE
Automatable NO
Recovery NOT_DEFINED
Value Density DIFFUSE
Vulnerability Response effort LOW
Provider Urgency GREEN
References
Problem type(s)
Impact(s) CAPEC-522 Malicious Hardware Component Replacement
Exploit(s) Proof-of-concept demonstrated by researchers at WHY2025; exploitation confirmed limited to BIOS access without ability to modify settings.
Date published 09 Aug 2025 16:00 UTC
Last modified

Description

The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after circumventing the device's protective enclosure, it was possible to connect a USB keyboard and press ESC during boot to access the BIOS setup interface. BIOS settings could be viewed but not modified. This behavior slightly increases the attack surface by exposing internal system information (CWE-1244) once the enclosure is removed, but does not allow integrity or availability compromise under standard or tested configurations.

Solution(s)

BlueOne firmware version 12.2.1 introduces default BIOS password protection and Secure Boot enablement, preventing unauthorized BIOS access.
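The fix relies on Secure Boot being enabled. The following script is an added example, not part of this advisory or of CleverDisplay's firmware: it decodes the UEFI SecureBoot variable as Linux exposes it through efivarfs, so an operator can confirm the state on a Linux host after a firmware update. It assumes a Linux host with efivarfs mounted at the standard path; the advisory does not state which operating system the BlueOne runs, so on other platforms the same variable must be read with that platform's tooling.

```shell
#!/bin/sh
# Added example (not from the advisory): report the UEFI Secure Boot state
# by decoding the SecureBoot EFI variable via Linux efivarfs.
# Assumption: Linux host with efivarfs mounted under /sys/firmware/efi/efivars.

# efivarfs files carry a 4-byte attribute header followed by the variable data.
# For SecureBoot the data is one byte: 1 = enabled, 0 = disabled.
# Prints enabled/disabled/unavailable and returns 0/1/2 accordingly.
secureboot_state() {
    file="$1"
    [ -r "$file" ] || { echo "unavailable"; return 2; }
    # Skip the 4-byte header, read a single byte and print it as a decimal number.
    value=$(dd if="$file" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' ')
    case "$value" in
        1) echo "enabled";  return 0 ;;
        0) echo "disabled"; return 1 ;;
        *) echo "unavailable"; return 2 ;;
    esac
}

# Standard path of the SecureBoot variable (EFI global variable GUID).
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# Stand-alone run: show this machine's state; "unavailable" on non-UEFI or non-Linux hosts.
secureboot_state "$SB_VAR" || true
```

Because the function takes a file path, it can also be pointed at a copy of the variable collected from a device during an audit; anything other than the literal value 1 is treated as not enabled, so a missing or unreadable variable never reads as a pass.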
