PatchSiren cyber security CVE debrief
CVE-2025-35998 Intel CVE debrief
CVE-2025-35998 is a high-severity vulnerability in Intel Quick Assist Technology that allows for privilege escalation. The vulnerability is caused by a missing protection mechanism for alternate hardware interfaces in the Intel Quick Assist Technology for some Intel Platforms within Ring 0: Kernel. An adversary with a privileged user account and low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. The CVSS score for this vulnerability is 7, indicating a high severity. The vulnerability was published on February 10, 2026, and last modified on June 30, 2026.
- Vendor
- Intel
- Product
- Intel Quick Assist Technology
- CVSS
- HIGH 7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-10
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-02-10
- Advisory updated
- 2026-06-30
Who should care
System administrators and security teams responsible for Intel-based systems should be aware of this vulnerability and take necessary steps to mitigate it. The vulnerability requires a privileged user account and special internal knowledge, but no user interaction. Therefore, it is essential to prioritize patching and ensure that all systems are up-to-date.
Technical summary
The vulnerability is caused by a missing protection mechanism for alternate hardware interfaces in the Intel Quick Assist Technology for some Intel Platforms within Ring 0: Kernel. This allows an adversary with a privileged user account and low complexity attack to enable escalation of privilege. The vulnerability has a CVSS score of 7 and affects the confidentiality (high) and integrity (high) of the vulnerable system. The vulnerability can be exploited via local access, and no user interaction is required.
Defensive priority
High priority should be given to patching this vulnerability, as it allows for privilege escalation and has a high CVSS score. System administrators and security teams should prioritize patching and ensure that all systems are up-to-date.
Recommended defensive actions
- Apply the patch provided by Intel to address the vulnerability.
- Ensure that all systems are up-to-date with the latest security patches.
- Implement additional security measures, such as access controls and monitoring, to detect and prevent exploitation.
- Conduct regular vulnerability assessments to identify and address potential vulnerabilities.
- Review and update incident response plans to ensure preparedness in case of an exploit.
- Consider implementing compensating controls, such as intrusion detection systems, to detect and prevent exploitation.
- Monitor system logs and network traffic for suspicious activity.
- Perform regular security audits to identify and address potential vulnerabilities.
Evidence notes
The vulnerability is documented in the CVE record and NVD detail pages. The source item URL provides additional information about the vulnerability, including references to Intel and Red Hat advisories. The CVE record and NVD detail pages provide a comprehensive overview of the vulnerability, including its CVSS score, impact, and affected systems.
Official resources
-
CVE-2025-35998 CVE record
CVE.org
-
CVE-2025-35998 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.