CVE-2025-27710
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-26
Assigner: Intel Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | quickassist_technology | to 2.6.0-0018 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-822 | The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an untrusted pointer dereference in some Intel(R) QAT Windows software versions before 2.6.0. It occurs within Ring 3 (user applications) and may allow an authenticated user with local access to cause information disclosure. The attack requires low complexity and no user interaction, but it needs some special internal knowledge. The vulnerability primarily impacts the confidentiality of the system, with no effect on integrity or availability.
How can this vulnerability impact me? :
This vulnerability can lead to information disclosure, meaning sensitive data could be exposed to an attacker who has authenticated local access. It does not affect system integrity or availability, but the confidentiality impact is considered high, potentially exposing sensitive information.