CVE-2025-22444

{"id": "CVE-2025-22444", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-10T23:16:42.750", "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html", "source": "secure@intel.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "Exposure of resource to wrong sphere in the UEFI PdaSmm module for some Intel(R) reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."}, {"lang": "es", "value": "La exposici\u00f3n de recursos a una esfera incorrecta en el m\u00f3dulo UEFI PdaSmm para algunas plataformas de referencia Intel(R) puede permitir una revelaci\u00f3n de informaci\u00f3n. Un adversario de software del sistema con un usuario privilegiado combinado con un ataque de alta complejidad puede permitir la exposici\u00f3n de datos. Este resultado puede ocurrir potencialmente a trav\u00e9s de acceso local cuando los requisitos de ataque no est\u00e1n presentes sin conocimiento interno especial y no requiere interacci\u00f3n del usuario. La vulnerabilidad potencial puede impactar la confidencialidad (alta), integridad (ninguna) y disponibilidad (ninguna) del sistema vulnerable, resultando en impactos subsiguientes en la confidencialidad (ninguna), integridad (ninguna) y disponibilidad (ninguna) del sistema."}], "lastModified": "2026-03-11T13:52:47.683", "sourceIdentifier": "secure@intel.com"}