Critical New Spectre Vulnerability Discovered: Modern Intel CPUs Still at Risk in 2025

Latest Spectre Discovery Raises Fresh Security Concerns

Researchers at ETH Zürich have discovered a new security flaw affecting all modern Intel CPUs, demonstrating that the Spectre vulnerability continues to haunt computer systems. The newly identified vulnerability, called Branch Privilege Injection (BPI), allows attackers to misuse CPU prediction calculations to gain unauthorized access to information from other processor users.

Technical Impact and Risks

According to Kaveh Razavi, head of the Computer Security Group (COMSEC) and study author, this shortcoming affects all Intel processors, potentially enabling malicious actors to steal sensitive data including passwords, keys, and other secrets from other running programs, the operating system kernel, or even adjacent virtual machines on a host.

The research team has demonstrated three new classes of self-training Spectre-v2 attacks, supported by two end-to-end exploits that can leak kernel memory at rates of up to 17 KB/sec. These discoveries have led to the identification of two new hardware issues (CVE-2024-28956 and CVE-2025-24495) that completely compromise domain isolation.

Industry Response and Mitigation

Intel has released a microcode update to address the flaw, while Arm is also preparing advisories for software developers to mitigate the risk. The chipmaker’s latest advisory addresses the BPI vulnerability, officially termed as Indirect Branch Predictor Delayed Updates. The vulnerability affects all Intel x86 chips since the 9th generation (Coffee Lake Refresh), with some impact observed back to 7th generation (Kaby Lake) processors.

Broader Implications

While the real-world risk of Spectre exploitation has been limited so far, the implications are serious. Security experts warn that attackers could potentially compromise cloud environments, where a malicious virtual machine could leak information from the hypervisor, including data belonging to other customers’ VMs.

‘We appreciate the work done by ETH Zurich on this research and collaboration on coordinated public disclosure,’ an Intel spokesperson stated, highlighting the ongoing cooperation between researchers and industry leaders to address these critical security challenges.