CVE-2025-25210

Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01325.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La validación de entrada incorrecta para alguna Utilidad de Actualización de Firmware de Servidor (SysFwUpdt) antes de la versión 16.0.12 dentro del Anillo 3: Aplicaciones de Usuario puede permitir una escalada de privilegios. Un adversario de software del sistema con un usuario privilegiado combinado con un ataque de baja complejidad puede habilitar la escalada de privilegios. Este resultado puede ocurrir potencialmente vía acceso local cuando los requisitos de ataque están presentes sin conocimiento interno especial y no requiere interacción del usuario. La vulnerabilidad potencial puede impactar la confidencialidad (alta), integridad (alta) y disponibilidad (alta) del sistema vulnerable, resultando en impactos subsiguientes en la confidencialidad (ninguno), integridad (ninguno) y disponibilidad (ninguno) del sistema.

10 Feb 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-10 17:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-25210

Mitre link : CVE-2025-25210

CVE.ORG link : CVE-2025-25210

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-25210", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}], "cvssMetricV40": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-10T17:16:13.697", "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01325.html", "source": "secure@intel.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta para alguna Utilidad de Actualizaci\u00f3n de Firmware de Servidor (SysFwUpdt) antes de la versi\u00f3n 16.0.12 dentro del Anillo 3: Aplicaciones de Usuario puede permitir una escalada de privilegios. Un adversario de software del sistema con un usuario privilegiado combinado con un ataque de baja complejidad puede habilitar la escalada de privilegios. Este resultado puede ocurrir potencialmente v\u00eda acceso local cuando los requisitos de ataque est\u00e1n presentes sin conocimiento interno especial y no requiere interacci\u00f3n del usuario. La vulnerabilidad potencial puede impactar la confidencialidad (alta), integridad (alta) y disponibilidad (alta) del sistema vulnerable, resultando en impactos subsiguientes en la confidencialidad (ninguno), integridad (ninguno) y disponibilidad (ninguno) del sistema."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "secure@intel.com"}