#VU109450 Improper authentication in Intel products - CVE-2025-20083
Published: May 20, 2025
Vulnerability identifier: #VU109450
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-20083
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
Intel Xeon E Processors
10th Generation Intel Core Processors
Intel Xeon D Processors
Intel Core Ultra family
13th Generation Intel Core Processors
11th Generation Intel Core Processors
Intel Atom Processor E3900 Series
Intel Core Ultra Processors Series 2
Intel Celeron 6305E/RE
Intel Core i3-1115GRE/G4E
Intel Core i5-1145G7E/GRE
Intel Core i7-1185G7E/GRE
Intel Celeron 6600HE/HLE
Intel Core i3-11100HE
Intel Core i5-11500HE
Intel Core i7-11850HE
Intel Xeon W-11155MLE/MRE
Intel Xeon W-11555MLE/MRE
Intel Xeon W-11865MLE/MRE
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
Intel Xeon E Processors
10th Generation Intel Core Processors
Intel Xeon D Processors
Intel Core Ultra family
13th Generation Intel Core Processors
11th Generation Intel Core Processors
Intel Atom Processor E3900 Series
Intel Core Ultra Processors Series 2
Intel Celeron 6305E/RE
Intel Core i3-1115GRE/G4E
Intel Core i5-1145G7E/GRE
Intel Core i7-1185G7E/GRE
Intel Celeron 6600HE/HLE
Intel Core i3-11100HE
Intel Core i5-11500HE
Intel Core i7-11850HE
Intel Xeon W-11155MLE/MRE
Intel Xeon W-11555MLE/MRE
Intel Xeon W-11865MLE/MRE
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper authentication in the Intel Slim Bootloader. A local user can execute arbitrary code with elevated privileges.
Remediation
Install updates from vendor's website.