Intel has partnered with Google to conduct a security review of its Trust Domain Extensions (TDX) technology, which led to the discovery of dozens of vulnerabilities, bugs, and improvement suggestions.
TDX is a hardware-based confidential computing technology designed to safeguard sensitive workloads and data in cloud and multi-tenant environments, even against a compromised hypervisor and insiders.
Intel TDX creates Confidential Virtual Machines (also called Trust Domains or TDs), which are hardware-isolated virtual machines that deliver strong, enforced protections for both confidentiality and integrity.
The Google Cloud Security team collaborated with Intel’s INT31 security researchers for five months in 2025, using manual code reviews, custom tools, and off-the-shelf AI to analyze TDX Module 1.5 code, which handles TDX’s high-level functions.
The analysis identified five vulnerabilities, along with 35 bugs, weaknesses, and potential areas for security enhancement.
Intel has patched all the vulnerabilities and on Tuesday published an advisory. The issues are tracked as CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572 and CVE-2025-32467, and they can be exploited for privilege escalation and information disclosure.
In a blog post published on Tuesday, Google highlighted CVE-2025-30513, which allowed an untrusted operator to fully compromise TDX’s security guarantees.
“Specifically, CVE-2025-30513 is capable of converting a migratable TD to a debuggable TD during the migration process. A host can exploit a Time-of-Check to Time-of-Use vulnerability to change the TD’s attributes from migratable to debug as its immutable state is being imported,” Google’s researchers explained.
“Once triggered the entire decrypted TD state is accessible from the host. At this point a malicious host could construct another TD with the decrypted state or perform live monitoring activities. Because a migration can occur at any point during the TD lifecycle, this attack can be performed after a TD has completed attestation, ensuring secret material is present in its state,” they added.
An 85-page technical report describing the findings has been released by Google. Intel has published a blog post providing a high-level description of the research project.
Related: Intel, AMD Processors Affected by PCIe Vulnerabilities
Related: New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs
