CVE-2025-35969 · PATCHED
intel · intel server firmware update utility

CVE-2025-35969: Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3

Description

Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Affected Products

Vendor | Product | Versions
intel | intel server firmware update utility | before version 16.0.12.

References

  • https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01410.html

Related News (1 article)

Tier C
VulDB · 4h ago
CVE-2025-35969 | Intel Server Update Utility Software up to 16.0.11 Firmware Update uncontrolled search path (intel-sa-01410)
→ No new info (linked only)
CISA KEV: ❌ No
Actively exploited: ❌ No
Patch available: 16.0.12
CWE: CWE-427
Published: May 12, 2026
Last enriched: 4h ago (v2)
Tags: problematic
Trending Score: 25
Source articles: 1
Independent: 1
Info Completeness: 8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-43120
RDMA/irdma: Fix double free related to rereg_user_mr
Trending: 20
NONE · CVE-2025-35991
CVE-2025-35991: Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an informat
Trending: 20
PRE-CVE
Multiple Vulnerabilities in Intel Software Products
Trending: 20
HIGH · CVE-2026-31779
wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()
Trending: 15
NONE · CVE-2026-31691
igb: remove napi_synchronize() in igb_down()
Trending: 7

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: May 12, 2026
Discovered by ZDM: May 12, 2026
Updated (affectedVersions, severity, patchAvailable, tags): May 12, 2026
Patch Available: May 12, 2026

Version History

Current version: v2 (last enriched 4h ago)

v2 · Tier C · 4h ago

Updated affected versions to 'up to 16.0.11', changed severity to HIGH, and noted that there is no available exploit.

Updated: affectedVersions, severity, patchAvailable, tags
via VulDB

v1 · 4h ago

Initial creation