Cyber Resilience

CVE-2025-22453

Severity: High

Published: 10 February 2026
Modified: 15 April 2026
KEV Added: not listed
CVSS Score (v4): 7.1 (CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0003 (9.2th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-22453 is a high-severity Improper Input Validation (CWE-20) vulnerability in an Intel product (vendor inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 9.2th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-22453 is an improper input validation vulnerability affecting the Server Firmware Update Utility (SysFwUpdt) prior to version 16.0.12, specifically within Ring 3 user applications. This flaw, classified under CWE-20, enables an escalation of privilege and has a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). Published on February 10, 2026, it poses high impacts to confidentiality, integrity, and availability on vulnerable systems.

Exploitation requires local access by a system software adversary possessing a privileged user account (PR:H), combined with a high-complexity attack (AC:H) that demands no user interaction (UI:N). Successful attacks can lead to local code execution with a changed scope (S:C), potentially compromising the targeted system without special internal knowledge.

For mitigation details, refer to the Intel Security Advisory at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01325.html, which provides guidance on updates and protective measures.

Vulnerability details

Improper input validation for some Server Firmware Update Utility (SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CWE(s): CWE-20 (Improper Input Validation)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local privilege escalation via improper input validation (CWE-20) in a Ring-3 utility directly matches Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21234 (shared CWE-20)
CVE-2025-48647 (shared CWE-20)
CVE-2025-25210 (shared CWE-20)
CVE-2026-21733 (shared CWE-20)
CVE-2026-7905 (shared CWE-20)
CVE-2026-7997 (shared CWE-20)
CVE-2026-5174 (shared CWE-20)
CVE-2026-26170 (shared CWE-20)
CVE-2026-9914 (shared CWE-20)
CVE-2025-24255 (shared CWE-20)

Affected Assets

Intel (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent)

Directly requires identification, reporting, and correction of the improper input validation flaw in SysFwUpdt by applying the update to version 16.0.12.

SI-10 Information Input Validation (prevent)

Mandates implementation of input validation mechanisms at entry points in Ring 3 applications like SysFwUpdt to block malformed inputs leading to privilege escalation.

Least privilege (prevent)

Enforces least privilege for users and processes executing SysFwUpdt, limiting the scope and impact of privilege escalation from already privileged accounts.
