CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-20034: Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version...

5.6 CVSS

Description

Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version R01.02.0003 may allow a privileged user to potentially enable information disclosure via local access.

Classification

CVE ID: CVE-2025-20034

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.6

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem Types

Information Disclosure Improper Input Validation

Affected Products

Vendor: n/a

Product: Intel(R) Server D50DNP and M50FCP boards

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 3.58% (scored less or equal to compared to others)

EPSS Date: 2025-06-11 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-20034
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html

Timeline

2025-05-13 22:40:18 UTC
CVE

Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version...