Security Bulletin, September 2025

CVE-2025-22830, CVE-2024-38805, CVE-2025-20067, CVE-2025-22392, CVE-2025-20613, CVE-2025-22853, CVE-2025-21096, CVE-2025-20053, CVE-2025-24305, CVE-2025-21090, CVE-2025-26403, CVE-2025-32086
Sep 05, 2025

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server, workstation, and motherboard products. The affected platforms are listed below.

 

| CVE | Platform | BIOS Release Schedule |
| --- | --- | --- |
| CVE-2025-22830 | AMD EPYC 9004 Series Processors [1] | Released |
| CVE-2025-22830 | AMD EPYC 7003 Series Processors | Released |
| CVE-2025-22830 | AMD EPYC 7002 Series Processors | Released |
| CVE-2025-22830 | AMD EPYC 8004 Series Processors | Released |
| CVE-2025-22830 | AMD EPYC 4005/4004 & Ryzen 9000/7000 Series Processors | Released |
| CVE-2025-22830 | Intel® Xeon® E-2300 Series | Released |
| CVE-2025-22830 | 3rd Gen Intel® Xeon® Scalable Processors | Released |
| CVE-2024-38805 | AMD EPYC 7003 Series Processors | Released |
| CVE-2024-38805 | AMD EPYC 7002 Series Processors | Released |
| CVE-2024-38805 | 3rd Gen Intel® Xeon® Scalable Processors | Released |
| CVE-2025-20067 | 14th/13th/12th Gen Intel® Core Processors | Released |
| CVE-2025-20067 | 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | Released |
| CVE-2025-20067 | Intel® Xeon® W-3500/2500/3400/2400 Processors | Released |
| CVE-2025-20067 | 3rd Gen Intel® Xeon® Scalable Processors | Released |
| CVE-2025-22392 | Intel® Xeon® E-2300 Series | Released |
| CVE-2025-22392 | 14th/13th/12th Gen Intel® Core Processors | Released |
| CVE-2025-22392 | 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | Released |
| CVE-2025-22392 | Intel® Xeon® W-3500/2500/3400/2400 Processors | Released |
| CVE-2025-20613 | Intel® Xeon® 6 Processors | Released |
| CVE-2025-20613 | 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | Released |
| CVE-2025-22853 | Intel® Xeon® 6 Processors | Released |
| CVE-2025-22853 | 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | Released |
| CVE-2025-21096 | Intel® Xeon® 6 Processors | Released |
| CVE-2025-21096 | 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | Released |
| CVE-2025-20053 | Intel® Xeon® 6 Processors | Released |
| CVE-2025-20053 | 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | Released |
| CVE-2025-20053 | Intel® Xeon® W-3500/2500/3400/2400 Processors | Released |
| CVE-2025-24305 | 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | Released |
| CVE-2025-24305 | Intel® Xeon® W-3500/2500/3400/2400 Processors | Released |
| CVE-2025-21090 | Intel® Xeon® 6 Processors | Released |
| CVE-2025-21090 | 5th/4th Gen Intel® Xeon® Scalable Processors & Intel® Xeon® CPU Max Series | Released |
| CVE-2025-21090 | Intel® Xeon® W-3500/2500/3400/2400 Processors | Released |
| CVE-2025-26403 | Intel® Xeon® 6 Processors | Released |
| CVE-2025-32086 | Intel® Xeon® 6 Processors | Released |

[1] XV23-ZX0 does not follow the AMD EPYC 9005/9004 Series Processors BIOS release schedule. Please contact our sales team for further information on the BIOS release plan.

 

The vulnerabilities are listed below. Updated BIOS versions to address the threats will be available on all affected product pages.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-22830

Severity Rating: High

Description: APTIOV contains a vulnerability in BIOS where a skilled user may cause a race condition through local access. Successful exploitation of this vulnerability may lead to resource exhaustion and impact confidentiality, integrity, and availability.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2024-38805

Severity Rating: Medium

Description: EDK2 contains a vulnerability in BIOS where a user may cause an integer overflow or wraparound by network means. Successful exploitation of this vulnerability may lead to denial of service.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-20067

Severity Rating: Medium

Description: Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-22392

Severity Rating: Medium

Description: Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-20613

Severity Rating: Low

Description: Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-22853

Severity Rating: Low

Description: Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-21096

Severity Rating: Low

Description: Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-20053

Severity Rating: High

Description: Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-24305

Severity Rating: High

Description: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-21090

Severity Rating: Medium

Description: Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-26403

Severity Rating: Medium

Description: Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

 

Common Vulnerabilities and Exposures (CVE ID): CVE-2025-32086

Severity Rating: Medium

Description: Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

 

 

*The release schedule may be adjusted without further notification. Please check this page or contact technical support for any future updates.

*Please navigate to the "Support" section of the relevant product page to download the updated BIOS.

*For any further assistance regarding this issue, please contact your Giga Computing sales representative or create a new support ticket at https://esupport.gigabyte.com