CVE-2025-31648
Awaiting Analysis Awaiting Analysis - Queue
Privilege Escalation via Microcode Flow in Intel Processors

Publication date: 2026-02-10

Last updated on: 2026-02-10

Assigner: Intel Corporation

Description
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-02-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-31648
EUVD
EUVD-2025-207126
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
intel processor_family *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-229 The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves improper handling of values in the microcode flow of some Intel Processor Family devices. It may allow an escalation of privilege through startup code and System Management Mode (SMM) adversaries when combined with a privileged user and a high complexity attack. The attack requires local access, special internal knowledge, and does not require user interaction.

Impact Analysis

The vulnerability can impact the confidentiality and integrity of the affected system at a low level, but it does not affect availability. This means that sensitive information could potentially be exposed or altered, but the system's availability or uptime is not impacted.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-31648. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart