Cyber Resilience

CVE-2023-43758

High

Published: 12 February 2025

Published
12 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 6.4th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-43758 is a high-severity Improper Input Validation (CWE-20) vulnerability in Intel (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-43758 is an improper input validation vulnerability, classified under CWE-20, affecting UEFI firmware on some Intel processors. Published on 2025-02-12, it carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

The vulnerability can be exploited by a privileged user with local access, who may leverage improper input validation to escalate privileges. Successful exploitation requires high privileges and low complexity but no user interaction, with a changed scope that amplifies effects on the system.

Intel's security advisory (INTEL-SA-01139) addresses the issue, and a Debian LTS announcement details mitigations for affected packages.

EU & UK References

Vulnerability details

Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via firmware input validation flaw maps to exploitation for privilege escalation; firmware context suggests possible T1542.001 but is secondary.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21234Shared CWE-20
CVE-2025-48647Shared CWE-20
CVE-2025-25210Shared CWE-20
CVE-2026-21733Shared CWE-20
CVE-2026-7905Shared CWE-20
CVE-2026-7997Shared CWE-20
CVE-2026-5174Shared CWE-20
CVE-2026-26170Shared CWE-20
CVE-2026-9914Shared CWE-20
CVE-2025-24255Shared CWE-20

Affected Assets

Intel
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the improper input validation (CWE-20) in UEFI firmware by requiring comprehensive validation of all system information inputs to prevent privilege escalation.

prevent

Ensures timely identification, reporting, and patching of the UEFI firmware flaw as detailed in Intel-SA-01139, preventing exploitation by privileged local users.

preventdetect

Monitors UEFI firmware integrity to ensure only authorized and patched versions execute, reducing the risk of exploitation through input validation flaws.

References