CVE-2025-20064

Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

CVSS

No CVSS.

References

Link	Resource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html

Configurations

No configuration.

History

11 Mar 2026, 13:52

Type	Values Removed	Values Added
Summary		(es) La validación de entrada incorrecta en el módulo UEFI FlashUcAcmSmm para algunas plataformas de referencia Intel(R) puede permitir una escalada de privilegios. Un adversario de software del sistema con un usuario privilegiado combinado con un ataque de alta complejidad puede habilitar la ejecución de código local. Este resultado puede ocurrir potencialmente a través de acceso local cuando los requisitos de ataque no están presentes sin conocimiento interno especial y no requiere interacción del usuario. La vulnerabilidad potencial puede impactar la confidencialidad (alta), integridad (alta) y disponibilidad (alta) del sistema vulnerable, resultando en subsiguientes impactos en la confidencialidad (alta), integridad (alta) y disponibilidad (alta) del sistema.

10 Mar 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 23:16

Updated : 2026-03-11 13:52

NVD link : CVE-2025-20064

Mitre link : CVE-2025-20064

CVE.ORG link : CVE-2025-20064

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-20064", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-10T23:16:41.940", "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html", "source": "secure@intel.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en el m\u00f3dulo UEFI FlashUcAcmSmm para algunas plataformas de referencia Intel(R) puede permitir una escalada de privilegios. Un adversario de software del sistema con un usuario privilegiado combinado con un ataque de alta complejidad puede habilitar la ejecuci\u00f3n de c\u00f3digo local. Este resultado puede ocurrir potencialmente a trav\u00e9s de acceso local cuando los requisitos de ataque no est\u00e1n presentes sin conocimiento interno especial y no requiere interacci\u00f3n del usuario. La vulnerabilidad potencial puede impactar la confidencialidad (alta), integridad (alta) y disponibilidad (alta) del sistema vulnerable, resultando en subsiguientes impactos en la confidencialidad (alta), integridad (alta) y disponibilidad (alta) del sistema."}], "lastModified": "2026-03-11T13:52:47.683", "sourceIdentifier": "secure@intel.com"}