Improper Initialization in UEFI Firmware of Intel Platforms
CVE-2025-35991

5.6 MEDIUM

Key Information:

Vendor: Intel

CVE Published: 12 May 2026

What is CVE-2025-35991?

The vulnerability arises from improper initialization in the UEFI firmware on select Intel platforms, specifically within Ring 0: Bare Metal OS. This flaw may enable an unauthorized system software adversary with privileged access to exploit the vulnerability and potentially expose sensitive data. The attack does not require special internal knowledge and can progress through local access without any user interaction, posing a significant risk to data confidentiality of the affected systems.

Affected Version(s)

Intel platforms: See references

References

CVSS V4

Score: 5.6
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
