Medium severity4.7NVD Advisory· Published Feb 10, 2026· Updated Apr 15, 2026

CVE-2025-22885

Description

Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper buffer restrictions in Intel TDX Module firmware allow local privilege escalation.

Vulnerability

Overview CVE-2025-22885 is a vulnerability in the firmware of the Intel Trust Domain Extensions (TDX) Module, caused by improper buffer restrictions. This flaw could allow a privileged system software adversary to escalate privileges, though the attack is considered high complexity and requires local access [1].

Exploitation

Conditions Exploitation requires the attacker to have a privileged user position on the system and perform a high-complexity attack. No user interaction is needed, and the attacker does not need special internal knowledge if the attack prerequisites are met. The attack vector is local, meaning the adversary must already have some level of system access [1].

Impact

If successfully exploited, the vulnerability could lead to a breach of confidentiality (high impact) and integrity (low impact), but does not affect availability. Notably, the secondary impacts on subsequent systems are listed as none, suggesting the escalation is contained within the TDX Module [1].

Mitigation

Intel has released a security advisory (INTEL-SA-01314) with firmware updates to address this issue. Affected users should apply the recommended updates to mitigate the risk [1].

References

INTEL-SA-01314

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Intel/TDX Modulellm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

intel.com/content/www/us/en/security-center/advisory/intel-sa-01314.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.306
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000