CVE-2025-31648
Privilege Escalation via Microcode Flow in Intel Processors
Publication date: 2026-02-10
Last updated on: 2026-02-10
Assigner: Intel Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | processor_family | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-229 | The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper handling of values in the microcode flow of some Intel Processor Family devices. It may allow an escalation of privilege through startup code and System Management Mode (SMM) adversaries when combined with a privileged user and a high complexity attack. The attack requires local access, special internal knowledge, and does not require user interaction.
How can this vulnerability impact me? :
The vulnerability can impact the confidentiality and integrity of the affected system at a low level, but it does not affect availability. This means that sensitive information could potentially be exposed or altered, but the system's availability or uptime is not impacted.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know