#VU122789 Input validation error in Intel products - CVE-2025-25210
Published: February 13, 2026
Vulnerability identifier: #VU122789
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-25210
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel Server Firmware Update Utility
Intel Server Board M50CYP
Intel Server Board D50TNP
BIOS and System Firmware Update Package (SFUP) for Windows and Linux for Intel Server D50DNP
BIOS and System Firmware Update Package (SFUP) for Windows and Linux for Intel Server M50FCP
Intel Server Firmware Update Utility
Intel Server Board M50CYP
Intel Server Board D50TNP
BIOS and System Firmware Update Package (SFUP) for Windows and Linux for Intel Server D50DNP
BIOS and System Firmware Update Package (SFUP) for Windows and Linux for Intel Server M50FCP
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the target system.
The vulnerability exists due to insufficient validation of user-supplied input within Server Firmware Update Utility(SysFwUpdt). A local administrator can pass specially crafted input to the application and gain elevated privileges on the system.
Remediation
Install updates from vendor's website.