8.7
Intel UEFI Firmware: Escalation of Privilege via Local Attack
CVE-2025-20105
Summary
An attacker with privileged local access can potentially take control of your system by exploiting improper input validation in an SMM module of the UEFI firmware for Intel reference platforms. This could allow them to access sensitive information, make unauthorized changes, and disrupt system operation. Keep your system's firmware up to date to minimize this risk.
Original title
Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with ...
Original description
Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.
NVD CVSS 4.0
8.7
Vulnerability type
CWE-20
Improper Input Validation
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026