CVE-2025-30185

EUVD-2025-93496

11.11.2025, 17:15

Active debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable data alteration. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.9 HIGH	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
intel	CNA	7.9 HIGH	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Common Weakness Enumeration

CWE-489 - Active Debug Code
The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01378.html