CVE-2025-35979: Information Disclosure in Intel(R) Processors
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.
AI Analysis
Technical Summary
This vulnerability involves exposure of sensitive information due to shared microarchitectural predictor state that affects transient execution on certain Intel processors during VMX non-root operation. An attacker with local authenticated access and high complexity attack capabilities may exploit this to disclose data. The CVSS 4.0 score is 6.8 (medium severity), reflecting local attack vector, high attack complexity, and high confidentiality impact. There is no indication of integrity or availability impact. No vendor remediation or patch information is provided at this time.
Potential Impact
The vulnerability may lead to unauthorized disclosure of sensitive information on affected Intel processors when exploited locally by an authenticated user. There is no impact on system integrity or availability. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should follow Intel's security advisories and consider limiting access to trusted users only, as exploitation requires authenticated local access and high attack complexity.
CVE-2025-35979: Information Disclosure in Intel(R) Processors
Description
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (none) and availability (none) impacts.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves exposure of sensitive information due to shared microarchitectural predictor state that affects transient execution on certain Intel processors during VMX non-root operation. An attacker with local authenticated access and high complexity attack capabilities may exploit this to disclose data. The CVSS 4.0 score is 6.8 (medium severity), reflecting local attack vector, high attack complexity, and high confidentiality impact. There is no indication of integrity or availability impact. No vendor remediation or patch information is provided at this time.
Potential Impact
The vulnerability may lead to unauthorized disclosure of sensitive information on affected Intel processors when exploited locally by an authenticated user. There is no impact on system integrity or availability. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should follow Intel's security advisories and consider limiting access to trusted users only, as exploitation requires authenticated local access and high attack complexity.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- intel
- Date Reserved
- 2025-04-15T21:20:16.409Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a036569cbff5d861008d827
Added to database: 5/12/2026, 5:37:45 PM
Last enriched: 5/12/2026, 5:53:42 PM
Last updated: 5/13/2026, 4:57:16 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.