Cyber Posture

CVE-2024-33659

Severity: High
Published: 11 February 2025
Modified: 02 October 2025
KEV Added: not listed
CVSS Score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0007 (20.2nd percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-33659 is a high-severity Improper Input Validation (CWE-20) vulnerability in AMI Aptio V. Its CVSS base score is 8.8 (High).

Operationally, its EPSS score of 0.0007 places it at the 20.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly enforces information input validation mechanisms to mitigate the improper input validation vulnerability (CWE-20) in the AMI APTIOV BIOS firmware.

SI-2 Flaw Remediation (prevent)
Ensures timely identification, reporting, and remediation of the BIOS firmware flaw via patching as detailed in the AMI security advisory.

Firmware integrity verification (prevent, detect)
Monitors and verifies the integrity of BIOS firmware to prevent unauthorized modifications and detect exploitation attempts leading to arbitrary code execution at SMM level.

NVD Description

AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability.

Deeper analysis

CVE-2024-33659 is an improper input validation vulnerability (CWE-20) in the AMI APTIOV BIOS firmware. It affects systems built on this BIOS: the firmware's System Management Mode (SMM) code does not adequately validate input it receives from less-privileged software running on the same machine, so a local attacker can supply crafted input that drives it into writing memory it should never touch.

A local attacker with low privileges (AV:L/AC:L/PR:L) can exploit the vulnerability without user interaction (UI:N). Successful exploitation enables overwriting arbitrary memory and executing arbitrary code at the SMM level. The scope is changed (S:C) because the vulnerable component, the BIOS's SMM code, is more privileged than every other component on the platform: code running in SMM can read and modify the operating system and hypervisor, which neither can prevent or observe. The result is a full loss of confidentiality, integrity, and availability (C:H/I:H/A:H), which together with the other metrics yields the CVSS:3.1 base score of 8.8.
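The input-validation failure described above, as an added illustration of the vulnerability class (example code written for this page; it is not AMI's firmware and not the actual defect behind CVE-2024-33659, whose specifics the page does not give): a simulated SMI handler that trusts a caller-supplied destination address and length, beside a hardened handler that copies the request header into SMM-owned storage before checking it and rejects any range that wraps or touches SMRAM. The memory layout, the `SmiCommBuffer` structure, the `SMRAM_BASE`/`SMRAM_SIZE` values and the `demo_*` scenarios are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated physical address space (constructed for this example).
 * Byte offsets into g_phys stand in for physical addresses; SMRAM is the
 * region only SMM code may write. */
#define PHYS_SIZE   0x4000u
#define SMRAM_BASE  0x2000u
#define SMRAM_SIZE  0x1000u
#define SMRAM_END   (SMRAM_BASE + SMRAM_SIZE)

static uint8_t g_phys[PHYS_SIZE];

/* Hypothetical SMI communication buffer. The untrusted ring-0 caller fills
 * it in outside SMRAM and triggers an SMI; the handlers below run in SMM. */
typedef struct {
    uint32_t dst;       /* physical address the caller wants written */
    uint32_t len;       /* number of payload bytes */
    uint8_t  data[64];  /* payload */
} SmiCommBuffer;

enum { SMI_OK = 0, SMI_INVALID_PARAM = 1 };

/* CWE-20 pattern: dst and len are used as supplied. The only check keeps
 * the simulation inside g_phys (a real handler writes physical memory and
 * has no such bound); nothing prevents dst from pointing into SMRAM, so a
 * ring-0 caller obtains a write with SMM privilege. */
int smi_handler_vulnerable(const SmiCommBuffer *cb)
{
    if (cb->len > sizeof cb->data || cb->dst > PHYS_SIZE - cb->len)
        return SMI_INVALID_PARAM;
    memcpy(&g_phys[cb->dst], cb->data, cb->len);
    return SMI_OK;
}

/* True when [addr, addr + len) neither wraps nor overlaps SMRAM.
 * This is the validation the vulnerable handler omits. */
bool range_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0)
        return true;
    if (len > UINT64_MAX - addr)            /* addr + len would wrap */
        return false;
    uint64_t end = addr + len;              /* exclusive */
    /* Half-open intervals overlap iff each starts before the other ends. */
    return !(addr < SMRAM_END && end > SMRAM_BASE);
}

/* Hardened handler. The header is copied into SMM-owned storage (here the
 * handler's stack, which lives in SMRAM on real hardware) before any check,
 * so another core cannot change dst/len between validation and use. */
int smi_handler_hardened(const SmiCommBuffer *cb)
{
    SmiCommBuffer local;
    memcpy(&local, cb, offsetof(SmiCommBuffer, data));

    if (local.len > sizeof local.data)
        return SMI_INVALID_PARAM;
    if (local.dst > PHYS_SIZE - local.len)   /* simulation bound only */
        return SMI_INVALID_PARAM;
    if (!range_outside_smram(local.dst, local.len))
        return SMI_INVALID_PARAM;            /* would write into SMRAM */

    /* Payload is read from the shared buffer after validation; the caller
     * changing it now only changes what is written, never where. */
    memcpy(&g_phys[local.dst], cb->data, local.len);
    return SMI_OK;
}

/* Attack scenario: the caller aims the write at a location inside SMRAM
 * (standing in for SMM code or a dispatch table). Returns true if SMRAM
 * was modified, i.e. the handler failed to validate its input. */
bool demo_attack(int (*handler)(const SmiCommBuffer *))
{
    const uint32_t target = SMRAM_BASE + 0x100;
    memset(g_phys, 0, sizeof g_phys);
    g_phys[target] = 0xAA;                   /* canary */
    SmiCommBuffer cb = { .dst = target, .len = 4 };
    memset(cb.data, 0x41, cb.len);
    (void)handler(&cb);
    return g_phys[target] != 0xAA;
}

/* Legitimate request: write into ordinary memory below SMRAM. Returns true
 * if the handler accepted it and the bytes landed. */
bool demo_legit(int (*handler)(const SmiCommBuffer *))
{
    memset(g_phys, 0, sizeof g_phys);
    SmiCommBuffer cb = { .dst = 0x1000, .len = 4 };
    memset(cb.data, 0x41, cb.len);
    return handler(&cb) == SMI_OK && g_phys[0x1000] == 0x41 && g_phys[0x1003] == 0x41;
}

int main(void)
{
    printf("vulnerable handler: SMRAM clobbered=%d legit ok=%d\n",
           demo_attack(smi_handler_vulnerable), demo_legit(smi_handler_vulnerable));
    printf("hardened handler:   SMRAM clobbered=%d legit ok=%d\n",
           demo_attack(smi_handler_hardened), demo_legit(smi_handler_hardened));
    return 0;
}
```

Both handlers serve the legitimate request; only the hardened one refuses the request aimed at SMRAM. The range check is what SI-10 asks for at this boundary, and the copy-before-check is the part most often forgotten: validating fields that still live in caller-writable memory leaves a race that a second core can win.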

Mitigation guidance and patched firmware information are in AMI security advisory AMI-SA-2025002: https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2025/AMI-SA-2025002.pdf

Details

CWE(s): CWE-20 Improper Input Validation

Affected Products: AMI Aptio V, versions 5.0 through 5.038

CVEs Like This One

CVE-2024-42444 (same product: AMI Aptio V)
CVE-2024-54084 (same product: AMI Aptio V)
CVE-2026-27623 (shared CWE-20)
CVE-2025-61614 (shared CWE-20)
CVE-2026-20856 (shared CWE-20)
CVE-2025-69278 (shared CWE-20)
CVE-2025-30452 (shared CWE-20)
CVE-2024-21925 (shared CWE-20)
CVE-2025-20146 (shared CWE-20)
CVE-2026-28894 (shared CWE-20)