Improper Initialization in ESXi Kernel Driver for Intel Ethernet 800-Series
CVE-2025-25058

2LOW

Key Information:

Vendor: Intel
Status: Intel(r) Ethernet 800-series
Vendor: CVE Published:; 10 February 2026

What is CVE-2025-25058?

The vulnerability involves improper initialization in certain Intel Ethernet 800-Series drivers used in ESXi environments. An attacker with authenticated access can exploit this flaw through local access, enabling potential information disclosure without requiring user interaction. The risk arises due to failures in the initialization process of device drivers, potentially exposing sensitive data. While the impact on system integrity and availability remains unaffected, confidentiality may be compromised, raising concerns regarding the security posture of affected systems.

Affected Version(s)

Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0)

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Feb 4, 2025

CVE-2025-25058 Data

JSON