CVE-2025-20056
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-11
Assigner: Intel Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | vtune_profiler | <2025.1> |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to improper input validation in Intel VTune Profiler versions before 2025.1. It allows an unprivileged, authenticated user to escalate privileges through a low complexity local attack without requiring special internal knowledge or user interaction. The vulnerability affects user applications running in Ring 3 and may enable data manipulation.
How can this vulnerability impact me? :
The vulnerability may impact the integrity and availability of the vulnerable system at a low level, potentially allowing data manipulation. However, it does not affect confidentiality. The overall impact is limited to low severity with no direct impact on system confidentiality, integrity, or availability beyond the initial low-level effects.