Cyber Posture

CVE-2025-25210

High

Published: 10 February 2026

Modified: 15 April 2026
CVSS Score: 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0003 (7.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-25210 is a high-severity Improper Input Validation (CWE-20) vulnerability affecting an Intel product (vendor inferred from references). Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 7.6th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly enforces proper input validation in the SysFwUpdt utility to prevent exploitation of the improper input validation flaw leading to privilege escalation.

Prevent: Requires timely remediation by updating SysFwUpdt to version 16.0.12 or later, eliminating the specific vulnerability as recommended in the Intel advisory.

Prevent: Enforces least privilege to limit the scope and impact of high-privilege accounts required for the attacker's local exploitation of SysFwUpdt.

MITRE ATT&CK Enterprise Techniques · AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Improper input validation in a privileged local firmware update utility directly enables local privilege escalation (T1068) with scope change and high CIA impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper input validation for some Server Firmware Update Utility (SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Deeper analysis · AI

CVE-2025-25210 is an improper input validation vulnerability (CWE-20) affecting the Server Firmware Update Utility (SysFwUpdt) prior to version 16.0.12, specifically within Ring 3 user applications. This flaw enables potential escalation of privilege when exploited. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its local attack vector, low complexity, requirement for high privileges, lack of user interaction, scope change, and high impacts on confidentiality, integrity, and availability.

A system software adversary with a privileged user account can exploit this vulnerability via local access using a low-complexity attack that requires no special internal knowledge or user interaction. Successful exploitation allows escalation of privilege, potentially impacting the vulnerable system's confidentiality, integrity, and availability at a high level.

For mitigation details, refer to the Intel Security Advisory at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01325.html, which was published on 2026-02-10.

Details

CWE(s)

Affected Products

Intel (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2025-21234 · Shared CWE-20
CVE-2025-24299 · Shared CWE-20
CVE-2026-5174 · Shared CWE-20
CVE-2025-40746 · Shared CWE-20
CVE-2025-24255 · Shared CWE-20
CVE-2026-32168 · Shared CWE-20
CVE-2025-48647 · Shared CWE-20
CVE-2025-21370 · Shared CWE-20
CVE-2026-28821 · Shared CWE-20
CVE-2025-22453 · Shared CWE-20

References