CVE-2025-35999
Incorrect Permission Assignment in Intel SysFwUpdt Enables Privilege Escalation
Publication date: 2026-02-10
Last updated on: 2026-02-10
Assigner: Intel Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | system_firmware_update_utility | to 16.0.12 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves incorrect permission assignment in the System Firmware Update Utility (SysFwUpdt) for certain Intel Server Boards and Systems before version 16.0.12. It allows a user application running with high privileges to potentially escalate their privileges further. The attack requires local access, a privileged user, and low complexity, with only passive user interaction needed.
The vulnerability affects the system at Ring 3 (user application level) and may impact the confidentiality, integrity, and availability of the system.
How can this vulnerability impact me? :
This vulnerability can lead to an escalation of privilege, meaning an attacker with some level of access could gain higher privileges than intended. This can compromise the confidentiality, integrity, and availability of the affected system.
- Confidentiality impact: High
- Integrity impact: High
- Availability impact: High
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know