Buffer overflow in the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2025-22885
Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result m…
Vulnerability class: Buffer Overflow
EPSS: 0.001 (3.2th percentile)
CVSS v3 metric
CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N.
Affected products
- N/A: TDX Module (versions: see references)
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-22885?
- CVE-2025-22885 is a medium-severity vulnerability in the TDX Module, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 4.7/10. Published 2026-02-10.
- How severe is CVE-2025-22885?
- Medium severity. CVSS v3 base score is 4.7 out of 10.