CVE-2025-20613
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-13
Assigner: Intel Corporation
Description
Description
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-337 | A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a predictable seed in the Pseudo-Random Number Generator (PRNG) within the firmware of some Intel(R) TDX. Because the seed is predictable, an authenticated user with local access could potentially exploit this flaw to cause information disclosure.
How can this vulnerability impact me? :
The vulnerability could allow an authenticated local user to gain access to sensitive information that should otherwise be protected, due to the predictable nature of the PRNG seed in the firmware. This could lead to unauthorized information disclosure.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70