Uncontrolled Search Path Vulnerability in Intel Server Firmware Update Utility Software
CVE-2025-35969

5.4 MEDIUM

What is CVE-2025-35969?

The Intel Server Firmware Update Utility Software contains an uncontrolled search path vulnerability that may allow attackers with authenticated access to escalate privileges. Exploitation requires local access, may depend on user interaction, and needs specific attack conditions to be met. A successful attack puts system confidentiality, integrity, and availability at risk.

Affected Version(s)

Intel(R) Server Firmware Update Utility Software before version 16.0.12.

CVSS V4

Score: 5.4
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
