Race Condition in Intel Converged Security and Management Engine Vulnerability
CVE-2025-20037

6.8MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Converged Security And Management Engine
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-20037?

This vulnerability involves a time-of-check time-of-use race condition in the firmware for certain versions of Intel's Converged Security and Management Engine. It allows a privileged user to potentially escalate their privileges via local access, posing risks to system integrity and security. It is essential for users and administrators of affected products to apply the necessary updates and mitigations provided by Intel to safeguard against potential exploitations.

Affected Version(s)

Intel(R) Converged Security and Management Engine See references

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Nov 6, 2024

JSON