Intel UEFI WheaERST module on some Intel platforms allows unauthorized access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Intel UEFI WheaERST module on some Intel platforms allows unauthorized access

CVE-2025-20027

Summary

A flaw in the Intel UEFI WheaERST module on some Intel reference platforms could allow a skilled attacker to gain more access to the system than they should have, potentially leading to unauthorized changes or data theft. This is a serious issue for business owners, as it could compromise sensitive data and disrupt system operations. To protect your business, ensure that you have the latest software updates installed, especially for your Intel systems.

Original title

Original description

Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

nvd CVSS4.0 7.1

Vulnerability type

CWE-20 Improper Input Validation

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026