CVE-2025-27712
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-11
Assigner: Intel Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | neural_compressor | 3.1 |
| intel | neural_compressor | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-707 | The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper neutralization issue in Intel Neural Compressor software before version 3.4. It allows an unprivileged, authenticated user to potentially escalate their privileges on the system through a low complexity attack that requires local access and active user interaction. The vulnerability affects user applications running in Ring 3 and may impact the confidentiality, integrity, and availability of the system at a low level.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with local access and an authenticated user account to escalate their privileges, potentially gaining higher access rights than intended. This could lead to low-level impacts on the confidentiality, integrity, and availability of the affected system, although subsequent impacts on system confidentiality, integrity, and availability are expected to be none.