Timing Discrepancy in Intel's CSME and SPS Firmware
CVE-2025-20067

6.8MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Csme And Intel(r) Sps
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-20067?

A vulnerability exists in Intel's CSME and SPS firmware that relates to an observable timing discrepancy. This flaw may permit a privileged user to gain access to sensitive information through local means, potentially compromising the system's integrity and confidentiality. Users and organizations are urged to assess their systems for exposure and follow the necessary security best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

Intel(R) CSME and Intel(R) SPS See references

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Oct 11, 2024

JSON