Information Disclosure Vulnerability in Intel UEFI DXE Module
CVE-2025-20073

1.8LOW

Key Information:

Vendor: Intel
Status: Intel(r) Reference Platforms
Vendor: CVE Published:; 10 March 2026

What is CVE-2025-20073?

The improper buffer restrictions in the UEFI DXE module for certain Intel Reference Platforms may expose sensitive information. This vulnerability enables a system software adversary with restricted local access to potentially exploit the flaw, leading to unauthorized data exposure. While the attack complexity is considered high and requires internal knowledge, it does not necessitate user interaction, making it a critical issue for system confidentiality. Organizations using affected Intel Reference Platforms should evaluate their security posture and apply necessary mitigations to safeguard their systems.

Affected Version(s)

Intel(R) Reference Platforms See references

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

1.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2026
Vulnerability Reserved
Oct 10, 2024

CVE-2025-20073 Data

JSON