Race Condition in Intel Converged Security and Management Engine Vulnerability
CVE-2025-20037

6.8 MEDIUM

What is CVE-2025-20037?

This vulnerability is a time-of-check time-of-use (TOCTOU) race condition in the firmware for certain versions of Intel's Converged Security and Management Engine. It may allow a privileged user to escalate their privileges via local access, posing risks to system integrity and security. Users and administrators of affected products should apply the updates and mitigations provided by Intel to safeguard against potential exploitation.

Affected Version(s)

Intel(R) Converged Security and Management Engine: See references

References

CVSS V4

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
