Intel UEFI Platforms May Expose Sensitive Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

1.8

Intel UEFI Platforms May Expose Sensitive Data

CVE-2025-20073

Summary

Some Intel UEFI platforms may leak sensitive information if an attacker with high-level system access uses a complex attack. This could happen if an attacker gains access to the system, but it requires advanced knowledge and no user interaction. Affected users should review their system configurations to ensure they are secure.

Original title

Original description

Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

nvd CVSS4.0 1.8

Vulnerability type

CWE-119 Buffer Overflow

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026