CVE-2025-22444

Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS

No CVSS.

References

Link	Resource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html

Configurations

No configuration.

History

11 Mar 2026, 13:52

Type	Values Removed	Values Added
Summary		(es) La exposición de recursos a una esfera incorrecta en el módulo UEFI PdaSmm para algunas plataformas de referencia Intel(R) puede permitir una revelación de información. Un adversario de software del sistema con un usuario privilegiado combinado con un ataque de alta complejidad puede permitir la exposición de datos. Este resultado puede ocurrir potencialmente a través de acceso local cuando los requisitos de ataque no están presentes sin conocimiento interno especial y no requiere interacción del usuario. La vulnerabilidad potencial puede impactar la confidencialidad (alta), integridad (ninguna) y disponibilidad (ninguna) del sistema vulnerable, resultando en impactos subsiguientes en la confidencialidad (ninguna), integridad (ninguna) y disponibilidad (ninguna) del sistema.

10 Mar 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 23:16

Updated : 2026-03-11 13:52

NVD link : CVE-2025-22444

Mitre link : CVE-2025-22444

CVE.ORG link : CVE-2025-22444

JSON object : View

Products Affected

No product.

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2025-22444", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-10T23:16:42.750", "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html", "source": "secure@intel.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."}, {"lang": "es", "value": "La exposici\u00f3n de recursos a una esfera incorrecta en el m\u00f3dulo UEFI PdaSmm para algunas plataformas de referencia Intel(R) puede permitir una revelaci\u00f3n de informaci\u00f3n. Un adversario de software del sistema con un usuario privilegiado combinado con un ataque de alta complejidad puede permitir la exposici\u00f3n de datos. Este resultado puede ocurrir potencialmente a trav\u00e9s de acceso local cuando los requisitos de ataque no est\u00e1n presentes sin conocimiento interno especial y no requiere interacci\u00f3n del usuario. La vulnerabilidad potencial puede impactar la confidencialidad (alta), integridad (ninguna) y disponibilidad (ninguna) del sistema vulnerable, resultando en impactos subsiguientes en la confidencialidad (ninguna), integridad (ninguna) y disponibilidad (ninguna) del sistema."}], "lastModified": "2026-03-11T13:52:47.683", "sourceIdentifier": "secure@intel.com"}