wid-sec-w-2026-0666 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Intel IPU, UEFI Reference Firmware: Multiple Vulnerabilities

CVSS 8.7 HIGH

Risk Summary

Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

CVEs (10)

CVE-2025-20005 CVE-2025-20027 CVE-2025-20028 CVE-2025-20064 CVE-2025-20068 CVE-2025-20073 CVE-2025-20096 CVE-2025-20105 CVE-2025-22444 CVE-2025-22850

Affected Vendors

Dell HPE Intel Lenovo

Affected Products (1)

Intel · Firmware IPU UEFI Reference

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more