CVE-2025-24314

CWE-284Improper Access Control3 documents3 sources
Severity
2.1LOW
EPSS
0.0%
top 93.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel Computing Improvement Program
Timeline
PublishedNov 11

Description

Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (l

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5intel(r)_cip_softwarebefore version WIN_DCA_2.4.0.11001

🔴Vulnerability Details

2
CVEList
CVE-2025-24314: Improper access control for some Intel(R) CIP software before version WIN_DCA_22025-11-11
GHSA
GHSA-xxxc-p928-96mq: Improper access control for some Intel(R) CIP software before version WIN_DCA_22025-11-11
CVE-2025-24314 (LOW CVSS 2.1) | Improper access control for some In | cvebase.io