CVE-2025-22885 MEDIUM

CVE-2025-22885

Vendor N/A
Product TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are no
Weakness CWE-119
Published February 10, 2026
Last update February 26, 2026

CVSS base score

4.7/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Key dates

02Disclosure timeline

February 10, 2026 CVE published
February 26, 2026 Record updated