Intel CVE-2025-24305
HIGHCVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionNVD
Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
AnalysisAI
Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 7.0). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-691. Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More from same product – last 7 days
In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table Th
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down P
In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin
Share
External POC / Exploit Code
Leaving vuln.today