Critical vulnerability in Intel EMA highlights risks tied to unpatched enterprise infrastructure
[London, 16 June 2026] Cybersecurity consultancy Reversec, has disclosed a high-severity security vulnerability affecting Intel® Endpoint Management Assistant (EMA) versions earlier than 1.14.5.
Tracked as CVE-2025-35990, the flaw could allow an attacker to remotely take control of vulnerable servers without authentication. The issue was discovered during a client project where Reversec consultants demonstrated that the vulnerability could be used to gain full control of affected systems. Following the discovery, Reversec responsibly disclosed the vulnerability to Intel in November 2025, with a fix now available in Intel EMA version 1.14.5.0.
“Vulnerabilities like this can create serious risk for organisations if exposed systems are left unpatched,” said the Reversec consultant who discovered the vulnerability. “We strongly encourage organisations using Intel EMA to update to the latest version as soon as possible.”
Reversec has published a full technical analysis of the vulnerability, including details on affected systems, potential impact and remediation guidance.
The research is available at: https://labs.reversec.com/advisories/2026/06/intel-endpoint-management-assistant-unauthenticated-remote-code-execution
About Reversec
Reversec, a new name in cybersecurity consulting, helps organizations worldwide tackle their most complex cybersecurity challenges.
With a focus on continuous research, practical solutions and knowledge sharing, Reversec’s findings provide the rationale behind informed security decisions.
With over 30 years of experience, Reversec brings together the expertise of renowned companies MWR Infosecurity, F-Secure, WithSecure, Digital Assurance, nSense, and Inverse Path.
Media Contact
Kelly Friend
Kelly.friend@reversec.com / pr@reversec.com
+44 (0)7880 488357
