CVE-2025-24847
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-26
Assigner: Intel Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | computing_improvement_program | to 2.4.11001 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to improper input validation in certain Intel(R) CIP software versions before WIN_DCA_2.4.0.11001. It occurs within Ring 3 (User Applications) and may allow an unprivileged software adversary, combined with a privileged user, to disclose information. The attack complexity is low and may happen via network access without special internal knowledge, requiring only passive user interaction.
How can this vulnerability impact me? :
The vulnerability can lead to information disclosure, impacting the confidentiality of the system. It does not affect the integrity or availability of the system. An attacker with certain privileges and low complexity attack methods could potentially expose sensitive data.