CVE-2025-22839 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	ADJACENT_NETWORK	HIGH	HIGH	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
intel	CNA	7.5 HIGH	ADJACENT_NETWORK	HIGH	HIGH	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Debian Releases

Debian Product

Codename

intel-microcode

bullseye/non-free	vulnerable
bullseye/non-free (security)	3.20250812.1~deb11u1 fixed
bookworm/non-free-firmware	vulnerable
bookworm/non-free-firmware (security)	3.20250812.1~deb12u1 fixed
trixie/non-free-firmware (security)	3.20250812.1~deb13u1 fixed
trixie/non-free-firmware	3.20250812.1~deb13u1 fixed
sid/non-free-firmware	3.20251111.1 fixed
forky/non-free-firmware	3.20251111.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

intel-microcode

questing	Fixed 3.20250812.0ubuntu0.25.10.1 released
plucky	Fixed 3.20250812.0ubuntu0.25.04.1 released
noble	Fixed 3.20250812.0ubuntu0.24.04.1 released
jammy	Fixed 3.20250812.0ubuntu0.22.04.1 released
focal	Fixed 3.20250812.0ubuntu0.20.04.1+esm1 released
bionic	Fixed 3.20250812.0ubuntu0.18.04.1+esm1 released
xenial	Fixed 3.20250812.0ubuntu0.16.04.1+esm1 released
trusty	ignored

Common Weakness Enumeration

CWE-1220 - Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01310.html

https://lists.debian.org/debian-lts-announce/2025/10/msg00027.html