CVE-2025-35969

Intel Server Firmware Update Utility before 16.0.12 is affected by CVE-2025-35969: an Uncontrolled search path flaw in Ring 3 (user applications) may allow privilege escalation via a local attack by an authenticated user with high complexity and requiring user interaction. The impact spans confid...

Intel Server Firmware Update Utility 代码问题漏洞

Intel Server Firmware Update Utility is a command-line tool developed by Intel Corporation. Versions of Intel Server Firmware Update Utility prior to 16.0.12 contained a code vulnerability caused by an uncontrolled search path, which could lead to privilege escalation...

Intel® Server Firmware Update Utility Software Advisory 

Summary: A potential security vulnerability in some Intel® Server Firmware Update Utility Software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35969 Description: Uncontrolled search path fo...

Linux Distros Unpatched Vulnerability : CVE-2026-31699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmwa...

Security Bulletin: This Power System update is being released to address CVE-2025-38556

Summary This affects the system management Universal Serial Bus USB interface. Vulnerability Details CVEID:CVE-2025-38556 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that...

CVE-2025-25210

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This...

CVE-2025-25210

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This...

CVE-2025-22453

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This...

CVE-2025-22453

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This...

CVE-2025-22453

Improper input validation for some Server Firmware Update UtilitySysFwUpdt before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This...

CVE-2025-22453

Summary: CVE-2025-22453 relates to improper input validation in Intel’s Server Firmware Update Utility (SysFwUpdt) prior to version 16.0.12. The vulnerability could allow a local attacker with privileged user access (high privileges, local attack vector, no user interaction) to escalate privilege...

Intel® Server Firmware Update Utility Software Advisory

Summary: Potential security vulnerabilities for some Intel® Server Firmware Update Utility software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2025-25210 Description: Improper input validati...

Intel Server Firmware Update Utility 输入验证错误漏洞

Intel Server Firmware Update Utility is a command-line tool developed by Intel Corporation. Versions prior to Intel Server Firmware Update Utility 16.0.12 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper input validation, which could lead to...

PT-2026-7290

Name of the Vulnerable Software and Affected Versions Server Firmware Update Utility SysFwUpdt versions prior to 16.0.12 Description A flaw exists in the input validation process of the Server Firmware Update Utility SysFwUpdt within Ring 3: User Applications. This issue may allow a system softwa...

Intel Server Firmware Update Utility 安全漏洞

Intel Server Firmware Update Utility is a command-line tool developed by Intel Corporation. The Intel Server Firmware Update Utility has a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading to an escalation of privileges...

PT-2026-7285

Name of the Vulnerable Software and Affected Versions Server Firmware Update UtilitySysFwUpdt versions prior to 16.0.12 Description A flaw exists in the input validation process of the Server Firmware Update UtilitySysFwUpdt within Ring 3: User Applications. This issue could allow a system softwa...

EndRun Technologies Sonoma Cross-Site Request Forgery (CVE-2025-60956)

Cross Site Request Forgery CSRF vulnerability in EndRun Technologies Sonoma D12 Network Time Server GPS F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information. This plugin only works with...

CVE-2020-12300

Uninitialized pointer in BIOS firmware for IntelR Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2022-33945

Improper input validation in some IntelR Server board and IntelR Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access...

PT-2025-48040

Name of the Vulnerable Software and Affected Versions Ilevia EVE X1 Server Firmware versions prior to v4.7.18.0.eden Ilevia EVE Logic versions prior to v6.00 - 2025 07 21 Description A Cross Site Request Forgery CSRF issue exists in the /bh web backend component. This allows a remote attacker to...