The latest security information on Intel® products.

Summary: 

Potential security vulnerabilities in the Intel Server Board D50DNP and M50FCP may allow escalation of privileges or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details: 

CVEID:  CVE-2025-20082

Description: Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel® Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via local access.

CVSS Base Score 3.1: 7.5 High

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS Base Score 4.0: 8.7 High

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVEID:  CVE-2025-24308

Description: Improper input validation in the UEFI firmware error handler for the Intel® Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 7.5 High

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS Base Score 4.0: 8.7 High

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVEID:  CVE-2025-21094

Description: Improper input validation in the UEFI firmware DXE module for the Intel® Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 7.5 High

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS Base Score 4.0: 8.7 High

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CVEID:  CVE-2025-20034

Description: Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel® Server D50DNP and M50FCP boards before version R01.02.0003 may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score 3.1: 5.3 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CVSS Base Score 4.0: 5.6 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVEID:  CVE-2025-20009

Description: Improper input validation in the UEFI firmware GenerationSetup module for the Intel® Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score 3.1: 4.1 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS Base Score 4.0: 5.6 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVEID:  CVE-2025-21100

Description: Improper initialization in the UEFI firmware for the Intel® Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score 3.1: 4.1 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS Base Score 4.0: 5.6 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

Intel® Server Board D50DNP and M50FCP UEFI before version R01.02.0003.

Recommendation:

Intel recommends updating Intel® Server Board D50DNP and M50FCP to UEFI version R01.02.0003 or later.

Updates are available at these locations.

D50DNP

M50FCP


Related content:

The following CVEs were previously disclosed as part of IPU releases and impact the listed platforms

1. INTEL-SA-01071    CVE-2024-21829
2. INTEL-SA-01139    CVE-2024-28047, CVE-2024-31157
3. INTEL-SA-01198    CVE-2024-21859, CVE-2024-31155

Acknowledgements:

Intel would like to thank Eason for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.