CVE-2025-20096

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts.

CVSS

No CVSS.

References

Link	Resource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01393.html

Configurations

No configuration.

History

11 Mar 2026, 13:52

Type	Values Removed	Values Added
Summary		(es) La validación de entrada incorrecta en el firmware UEFI para algunas plataformas de referencia Intel podría permitir una escalada de privilegios. Un adversario de software de sistema con un usuario privilegiado, combinado con un ataque de alta complejidad, podría permitir la manipulación de datos. Este resultado podría ocurrir potencialmente a través de acceso local cuando los requisitos de ataque están presentes, sin conocimiento interno especial y requiere interacción activa del usuario. La vulnerabilidad potencial podría impactar la confidencialidad (ninguna), integridad (alta) y disponibilidad (alta) del sistema vulnerable, resultando en impactos subsiguientes en la confidencialidad (ninguna), integridad (alta) y disponibilidad (alta) del sistema.

10 Mar 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 23:16

Updated : 2026-03-11 13:52

NVD link : CVE-2025-20096

Mitre link : CVE-2025-20096

CVE.ORG link : CVE-2025-20096

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-20096", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-10T23:16:42.427", "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01393.html", "source": "secure@intel.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en el firmware UEFI para algunas plataformas de referencia Intel podr\u00eda permitir una escalada de privilegios. Un adversario de software de sistema con un usuario privilegiado, combinado con un ataque de alta complejidad, podr\u00eda permitir la manipulaci\u00f3n de datos. Este resultado podr\u00eda ocurrir potencialmente a trav\u00e9s de acceso local cuando los requisitos de ataque est\u00e1n presentes, sin conocimiento interno especial y requiere interacci\u00f3n activa del usuario. La vulnerabilidad potencial podr\u00eda impactar la confidencialidad (ninguna), integridad (alta) y disponibilidad (alta) del sistema vulnerable, resultando en impactos subsiguientes en la confidencialidad (ninguna), integridad (alta) y disponibilidad (alta) del sistema."}], "lastModified": "2026-03-11T13:52:47.683", "sourceIdentifier": "secure@intel.com"}