CVE-2023-25771

Name: CVE-2023-25771
Creator: NVD / NIST
Published: 2023-05-10T14:15:32.31+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.14%

Last modified Jun 17, 2026

CVE-2023-25771 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.. EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.14%

3.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-284

Affected Software

Vendor	Product	Versions
Intel	Nuc 8 Compute Element Cm8i3cb4n Firmware	< cbwhl357.0101
Intel	Nuc 8 Compute Element Cm8i5cb8n Firmware	< cbwhl357.0101
Intel	Nuc 8 Compute Element Cm8i7cb8n Firmware	< cbwhl357.0101
Intel	Nuc 8 Compute Element Cm8ccb4r Firmware	< cbwhl357.0101
Intel	Nuc 8 Compute Element Cm8pcb4r Firmware	< cbwhl357.0101
Intel	Nuc 8 Pro Kit Nuc8i3pnk Firmware	< pnwhl357.0050
Intel	Nuc 8 Pro Board Nuc8i3pnb Firmware	< pnwhl357.0050
Intel	Nuc 8 Pro Kit Nuc8i3pnh Firmware	< pnwhl357.0050
Intel	Nuc 9 Pro Compute Element Nuc9v7qnb Firmware	< qncflx70.0071
Intel	Nuc 9 Pro Compute Element Nuc9v7qnx Firmware	< qncflx70.0071
Intel	Nuc 9 Pro Compute Element Nuc9vxqnb Firmware	< qncflx70.0071
Intel	Nuc 9 Pro Compute Element Nuc9vxqnx Firmware	< qncflx70.0071
Intel	Nuc 8 Home Nuc8i5behfa Firmware	< becfl357.0092
Intel	Nuc 8 Home Nuc8i3behfa Firmware	< becfl357.0092
Intel	Nuc 8 Enthusiast Nuc8i7behga Firmware	< becfl357.0092
Intel	Nuc 8 Home Nuc8i5bekpa Firmware	< becfl357.0092
Intel	Nuc 8 Enthusiast Nuc8i7bekqa Firmware	< becfl357.0092
Intel	Nuc Kit Nuc8i7beh Firmware	< becfl357.0092
Intel	Nuc Kit Nuc8i5bek Firmware	< becfl357.0092
Intel	Nuc Kit Nuc8i5beh Firmware	< becfl357.0092
Intel	Nuc Kit Nuc8i3bek Firmware	< becfl357.0092
Intel	Nuc Kit Nuc8i3beh Firmware	< becfl357.0092
Intel	Nuc Kit Nuc8i7bek Firmware	< becfl357.0092
Intel	Nuc Kit Nuc8i5behs Firmware	< becfl357.0092
Intel	Nuc Kit Nuc8i3behs Firmware	< becfl357.0092
Intel	Nuc 8 Business Nuc8i7hnkqc Firmware	< hnkbki70.0070
Intel	Nuc 8 Enthusiast Nuc8i7hvkva Firmware	< hnkbki70.0070
Intel	Nuc 8 Enthusiast Nuc8i7hvkvaw Firmware	< hnkbki70.0070
Intel	Nuc Kit Nuc8i7hvk Firmware	< hnkbki70.0070
Intel	Nuc Kit Nuc8i7hnk Firmware	< hnkbki70.0070
Intel	Compute Stick Stk2mv64cc Firmware	< ccsklm5v.0067
Intel	Nuc 7 Essential Nuc7cjysamn Firmware	< ayaplcel.0074
Intel	Nuc Kit Nuc7cjyhn Firmware	< ayaplcel.0074
Intel	Nuc Kit Nuc7pjyhn Firmware	< ayaplcel.0074
Intel	Nuc Kit Nuc7pjyh Firmware	< ayaplcel.0074
Intel	Nuc 7 Essential Nuc7cjysal Firmware	< ayaplcel.0074
Intel	Nuc Kit Nuc7cjyh Firmware	< ayaplcel.0074
Intel	Nuc 7 Home Nuc7i5bnhxf Firmware	< bnkbl357.0089
Intel	Nuc Kit Nuc7i5bnhx1 Firmware	< bnkbl357.0089
Intel	Nuc Kit Nuc7i5bnh Firmware	< bnkbl357.0089
Intel	Nuc Kit Nuc7i3bnk Firmware	< bnkbl357.0089
Intel	Nuc 7 Enthusiast Nuc7i7bnhxg Firmware	< bnkbl357.0089
Intel	Nuc Kit Nuc7i3bnhx1 Firmware	< bnkbl357.0089
Intel	Nuc 7 Enthusiast Nuc7i7bnkq Firmware	< bnkbl357.0089
Intel	Nuc 7 Home Nuc7i3bnhxf Firmware	< bnkbl357.0089
Intel	Nuc 7 Home Nuc7i5bnkp Firmware	< bnkbl357.0089
Intel	Nuc Kit Nuc7i5bnk Firmware	< bnkbl357.0089
Intel	Nuc Kit Nuc7i7bnh Firmware	< bnkbl357.0089
Intel	Nuc Kit Nuc7i3bnh Firmware	< bnkbl357.0089
Intel	Nuc Kit Nuc7i7bnhx1 Firmware	< bnkbl357.0089

Showing 50 of 65 affected configurations. See NVD for the full list.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.htmlPatch, Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.htmlPatch, Vendor Advisory

Timeline

Published: May 10, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-25771?

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.

How severe is CVE-2023-25771?

CVE-2023-25771 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.

How do I fix CVE-2023-25771?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-25771?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST