CVE-2025-20070
Privilege Escalation in Intel Optane PMem Management Software
Publication date: 2026-02-10
Last updated on: 2026-02-10
Assigner: Intel Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | optane_pmem_management_software | to CR_MGMT_03.00.00.0538 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper conditions checking in the Intel Optane PMem management software before certain versions. It exists within Ring 3, which is the user application level, and may allow an unprivileged but authenticated user to escalate their privileges.
The attack requires local access, is of high complexity, and needs active user interaction. An attacker with these conditions might exploit this flaw to gain higher privileges than intended.
How can this vulnerability impact me? :
This vulnerability can impact the confidentiality, integrity, and availability of the vulnerable system at a high level. Specifically, it may allow an attacker to escalate privileges, potentially compromising sensitive data, altering system behavior, or disrupting system availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know