CVE-2025-20050
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-26
Assigner: Intel Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | computing_improvement_program | to 2.4.11001 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an uncontrolled search path issue in some Intel(R) CIP software versions before WIN_DCA_2.4.0.11001. It occurs within Ring 3 (User Applications) and may allow an escalation of privilege. An unprivileged attacker with authenticated user access and the ability to perform a high complexity attack could potentially execute local code by exploiting this vulnerability. It requires local access and active user interaction, but does not require special internal knowledge.
How can this vulnerability impact me? :
The vulnerability can impact the confidentiality, integrity, and availability of the vulnerable system at a high level. This means an attacker could potentially gain unauthorized access, modify data, or disrupt system operations. However, the description notes that subsequent impacts on system confidentiality, integrity, and availability are none, indicating that the initial impact is high but may not propagate further.