How severe is CVE-2025-31648?

Low severity. CVSS v3 base score is 3.9 out of 10.

Vulnerability in Intel(r) Processor Family May Allow An Escalation Of Privilege. Startup Code And Smm Adversary With A Privileged User Combined High Complexity Attack Enable This Result Potentially Occur Via Local Access When Requirements Are Present Special Internal Knowledge Requires No Interaction. The Potential Vulnerability Impact Confidentiality (Low), Integrity (Low) Availability (None) Vulnerable System, Resulting In Subsequent System Impacts.

CVE-2025-31648

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation o…

EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.9 (Low). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N.

Affected products

N/a Intel(r) Processor Family May Allow An Escalation Of Privilege. Startup Code And Smm Adversary With A Privileged User Combined High Complexity Attack Enable This Result Potentially Occur Via Local Access When Requirements Are Present Special Internal Knowledge Requires No Interaction. The Potential Vulnerability Impact Confidentiality (Low), Integrity (Low) Availability (None) Vulnerable System, Resulting In Subsequent System Impacts. — versions See references

Weakness classification (CWE)

CWE-229

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01396.html

Frequently asked questions

What is CVE-2025-31648?: CVE-2025-31648 is a low-severity vulnerability in Intel(r) Processor Family May Allow An Escalation Of Privilege. Startup Code And Smm Adversary With A Privileged User Combined High Complexity Attack Enable This Result Potentially Occur Via Local Access When Requirements Are Present Special Internal Knowledge Requires No Interaction. The Potential Vulnerability Impact Confidentiality (Low), Integrity (Low) Availability (None) Vulnerable System, Resulting In Subsequent System Impacts., classified under CWE-229. CVSS score: 3.9/10. Published 2026-02-10.
How severe is CVE-2025-31648?: Low severity. CVSS v3 base score is 3.9 out of 10.