CLOUD SECURITY Google-Intel Security Audit Reveals Severe TDX Vulnerability Allowing Full Compromise Dozens of vulnerabilities, bugs, and potential improvements have been identified by the tech giants’ security teams. By Eduard Kovacs | February 11, 2026 (3:41 AM ET) Flipboard Reddit Whatsapp Email Intel has partnered with Google to conduct a security review of its Trust Domain Extensions (TDX) technology, which led to the discovery of dozens of vulnerabilities, bugs, and improvement suggestions. TDX is a hardware-based confidential computing technology designed to safeguard sensitive workloads and data in cloud and multi-tenant environments, even against a compromised hypervisor and insiders. Intel TDX creates Confidential Virtual Machines (also called Trust Domains or TDs), which are hardware-isolated virtual machines that deliver strong, enforced protections for both confidentiality and integrity. The Google Cloud Security team collaborated with Intel’s INT31 security researchers for five months in 2025, using manual code reviews, custom tools, and off-the-shelf AI to analyze TDX Module 1.5 code, which handles TDX’s high-level functions. The analysis identified five vulnerabilities, along with 35 bugs, weaknesses, and potential areas for security enhancement. Intel has patched all the vulnerabilities and on Tuesday published an advisory. The issues are tracked as CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572 and CVE-2025-32467, and they can be exploited for privilege escalation and information disclosure. ADVERTISEMENT. SCROLL TO CONTINUE READING. In a blog post published on Tuesday, Google highlighted CVE-2025-30513, which allowed an untrusted operator to fully compromise TDX’s security guarantees. “Specifically, CVE-2025-30513 is capable of converting a migratable TD to a debuggable TD during the migration process. A host can exploit a Time-of-Check to Time-of-Use vulnerability to change the TD’s attributes from migratable to debug as its immutable state is being imported,” Google’s researchers explained. “Once triggered the entire decrypted TD state is accessible from the host. At this point a malicious host could construct another TD with the decrypted state or perform live monitoring activities. Because a migration can occur at any point during the TD lifecycle, this attack can be performed after a TD has completed attestation, ensuring secret material is present in its state,” they added. An 85-page technical report describing the findings has been released by Google. Intel has published a blog post providing a high-level description of the research project. Related: Intel, AMD Processors Affected by PCIe Vulnerabilities Related: New Attack Targets DDR5 Memory to Steal Keys From Intel and AMD TEEs Related: WireTap Attack Breaks Intel SGX Security WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool Lema AI Emerges From Stealth With $24 Million to Tackle Third-Party Risk Outtake Raises $40 Million to Bolster Digital Trust Against AI-Driven Threats Cybersecurity M&A Roundup: 34 Deals Announced in January 2026 Flickr Security Incident Tied to Third-Party Email System 5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog Substack Discloses Security Incident After Hacker Leaks Data Latest News ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact 6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates EU Unconditionally Approves Google’s $32B Acquisition of Wiz Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative Apps Reco Raises $30 Million to Enhance AI SaaS Security Vega Raises $120M in Series B Funding to Grow Security Analytics Platform RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India SAP Patches Critical CRM, S/4HANA, NetWeaver Vulnerabilities TRENDING Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit PEOPLE ON THE MOVE Pennsylvania has named Andy Ritter as CISO and Jim Sipe as executive deputy CIO. Hayete Gallot has rejoined Microsoft as Executive Vice President, Security. Torq has appointed industry veteran John White as Field CISO. More People On The Move EXPERT INSIGHTS Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) The Upside Down is Real: What Stranger Things Teaches Us About Modern Cybersecurity To all those who are fighting the good fight in the world of cyber, keep collaborating to ensure our world never succumbs to the chaos of the Upside Down. (Nadir Izrael) Why Identity Security Must Move Beyond MFA By integrating identity threat detection with MFA, organizations can protect sensitive data, maintain operational continuity, and reduce risk exposure. (Torsten George) Forget Predictions: True 2026 Cybersecurity Priorities From Leaders Security leaders chart course beyond predictions with focus on supply chain, governance, and team efficiency. (Jennifer Leggio) Flipboard Reddit Whatsapp Email