Multiple vulnerabilities in Intel Server Board D50DNP and M50FCP



Risk: Low
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2025-20082, CVE-2025-24308, CVE-2025-21094, CVE-2025-20034, CVE-2025-20009, CVE-2025-21100
CWE-ID: CWE-367, CWE-20, CWE-665
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:
Intel Server Board D50DNP (Hardware solutions / Firmware)
Intel Server Board M50FCP UEFI (Hardware solutions / Firmware)
Vendor: Intel

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU109163

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20082

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in the UEFI firmware SmiVariable driver. A local administrator can gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Server Board D50DNP: before R01.02.0003

Intel Server Board M50FCP UEFI: before R01.02.0003

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU109164

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24308

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the UEFI firmware error handler. A local administrator can pass specially crafted input to the affected component and gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Server Board D50DNP: before R01.02.0003

Intel Server Board M50FCP UEFI: before R01.02.0003

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU109165

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21094

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the UEFI firmware DXE module. A local administrator can pass specially crafted input to the affected component and gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Server Board D50DNP: before R01.02.0003

Intel Server Board M50FCP UEFI: before R01.02.0003

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU109166

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20034

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the BackupBiosUpdate UEFI firmware SmiVariable driver. A local administrator can pass specially crafted input to the affected component and disclose sensitive information.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Server Board D50DNP: before R01.02.0003

Intel Server Board M50FCP UEFI: before R01.02.0003

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU109167

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20009

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due to insufficient validation of user-supplied input in the UEFI firmware GenerationSetup module. A local administrator can pass specially crafted input to the affected component and disclose sensitive information.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Server Board D50DNP: before R01.02.0003

Intel Server Board M50FCP UEFI: before R01.02.0003

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Initialization

EUVDB-ID: #VU109168

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21100

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due to improper initialization in the UEFI firmware. A local administrator can disclose sensitive information. 

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Server Board D50DNP: before R01.02.0003

Intel Server Board M50FCP UEFI: before R01.02.0003

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01269.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


