Patchday: Intel patches dozens of security vulnerabilities
Intel also held a patch day and published 30 security advisories with updates. Seven of these are high-risk.
(Image: Christof Windeck/heise medien)
Intel also published a series of security advisories on Wednesday night. Of the 30 security advisories, seven address vulnerabilities that the chip manufacturer classifies as high-risk. Admins and users should promptly apply the available updates.
Among others, the Intel PROset / Wireless WiFi Software stands out. It contains six security vulnerabilities that allow attackers to enable denial-of-service. The vulnerabilities CVE-2025-35971, CVE-2025-30255, CVE-2025-35963, and CVE-2025-33029 have a CVSS4 score of 8.3, classifying them as “high” risk. Various Intel WiFi products and processors with integrated wireless functions are affected; the driver for Windows in version 23.160 and newer versions fix the security flaws. They are available for download on Intel's download page.
Intel's firmware and software for Intel's graphics hardware also contain partly high-risk security flaws. Attackers can exploit a vulnerability in the firmware for Intel's Arc B-series GPUs and in the drivers for Intel Arc graphics to escalate their privileges within the system (CVE-2025-32091, CVSS4 8.4, risk “high”). Further vulnerabilities in the drivers for Intel's Arc, Arc Pro, and Iris Xe graphics modules also allow privilege escalation (CVE-2025-31647, CVSS4 5.4, risk “medium”) or denial of service (CVE-2025-25216, CVSS4 2.0, risk “low”). Intel provides the update to driver version 32.0.101.6913 for Intel Arc and Iris Xe. For Intel Arc Pro, version 32.0.101.6862 is available. Intel also recommends updating the Intel LTS Kernel Software to the current version.
Further high-risk vulnerabilities
Intel's UEFI Reference Platform can be exploited for privilege escalation or denial-of-service attacks. This affects Intel Xeon 6 with E-cores (Sierra Forest) and with P-cores (Granite Rapids). System vendors have access to the latest updates and should distribute them to customers. (CVE-2025-30185, CVSS4 8.3, risk “high”).
Videos by heise
Further security advisories that admins should consider in their update planning:
- Intel CIP Software Advisory, max. CVSS4 8.7, risk “high”
- Intel Processor Identification Utility Software Advisory, max. CVSS4 8.5, “high”
- Intel QAT Software Drivers Advisory, max. CVSS4 7.3, “high”
- Intel Slim Bootloader Advisory, CVSS4 7.1, “high”
Intel has published 23 further vulnerability advisories in its Security Center. IT administrators should check if they are using vulnerable products and install the provided updates.
(dmk)
