Insufficient Control Flow Management in Intel Xeon 6 Processor Firmware
CVE-2025-20004

8.5 HIGH

What is CVE-2025-20004?

An insufficient control flow management vulnerability in the Alias Checking Trusted Module of Intel(R) Xeon(R) 6 processor E-Cores firmware has the potential to enable local privilege escalation for a privileged user. This weakness allows for unauthorized access and manipulation within the firmware, presenting a serious risk to impacted systems. It is crucial for organizations utilizing affected Intel products to evaluate their security posture and apply necessary patches to mitigate these risks.

Affected Version(s)

Intel(R) Xeon(R) 6 processor E-Cores firmware: See references

References

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
