Security Bulletin, July 2025

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products. The affected platforms are listed below.

^[1] XV23-ZX0 does not follow the AMD EPYC 9005/9004 Series Processors BIOS release schedule, please contact our sales team for further information on the BIOS release plan.

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

Common Vulnerabilities or Exposures (CVEID): CVE-2025-33043

Severity Rating: Medium

Description: APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.

Common Vulnerabilities or Exposures (CVEID): CVE-2025-2884

Severity Rating: Medium

Description: TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com