CVE-2025-31648
Awaiting Analysis Awaiting Analysis - Queue

Privilege Escalation via Microcode Flow in Intel Processors

Vulnerability report for CVE-2025-31648, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-10

Last updated on: 2026-02-10

Assigner: Intel Corporation

Description

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-10
Last Modified
2026-02-10
Generated
2026-07-06
AI Q&A
2026-02-10
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
intel processor_family *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-229 The product does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves improper handling of values in the microcode flow of some Intel Processor Family devices. It may allow an escalation of privilege through startup code and System Management Mode (SMM) adversaries when combined with a privileged user and a high complexity attack. The attack requires local access, special internal knowledge, and does not require user interaction.

Impact Analysis

The vulnerability can impact the confidentiality and integrity of the affected system at a low level, but it does not affect availability. This means that sensitive information could potentially be exposed or altered, but the system's availability or uptime is not impacted.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-31648. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart