Improper Locking Vulnerability in Intel Core Ultra Processors
CVE-2025-20047

5.3MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Core™ Ultra Processors
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-20047?

The vulnerability pertains to improper locking within the Intel Integrated Connectivity I/O interface (CNVi) found in certain Intel Core Ultra Processors. This issue may allow unauthorized access, enabling an unauthenticated user with physical access to escalate privileges. This poses significant security concerns, especially in environments where physical security cannot be guaranteed. The potential exploitation of this flaw underscores the importance of safeguarding hardware against unauthorized access.

Affected Version(s)

Intel(R) Core™ Ultra Processors See references

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Oct 11, 2024