Intel UEFI ImcErrorHandler Module Has Privilege Escalation Flaw

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Intel UEFI ImcErrorHandler Module Has Privilege Escalation Flaw

CVE-2025-20068

Summary

Intel's UEFI ImcErrorHandler module on certain reference platforms has a flaw that could allow an attacker with administrative access to gain even more powerful access. This could potentially lead to sensitive data being compromised or system crashes. If you use affected platforms, it's essential to apply any available security updates to mitigate this vulnerability.

Original title

Original description

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

nvd CVSS4.0 7.1

Vulnerability type

CWE-20 Improper Input Validation

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026