Intel UEFI module on certain platforms may allow unauthorized system access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.7

Intel UEFI module on certain platforms may allow unauthorized system access

CVE-2025-20064

Summary

A vulnerability in Intel's UEFI module on some systems could allow a highly skilled attacker to gain elevated access to the system, potentially allowing them to access sensitive information, alter system settings, or disrupt system operations. This vulnerability can be exploited by an attacker with advanced technical skills and requires direct access to the system. System administrators should review their systems to ensure they are using the latest security patches and updates.

Original title

Original description

Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

nvd CVSS4.0 8.7

Vulnerability type

CWE-20 Improper Input Validation

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 10 Mar 2026