Denial of Service Risk in TinyCBOR Library by Intel
CVE-2025-20025

4.1MEDIUM

Key Information:

Vendor

Intel

Vendor
CVE Published:
12 August 2025

What is CVE-2025-20025?

The TinyCBOR library maintained by Intel is vulnerable to uncontrolled recursion, which can be exploited by authenticated users to trigger a denial of service. This vulnerability affects all versions prior to 0.6.1, allowing potential disruptions through local access. Proper precautions should be taken to mitigate the risks associated with this oversight.

Affected Version(s)

TinyCBOR libraries maintained by Intel(R) before version 0.6.1

References

CVSS V4

Score:
4.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-20025 : Denial of Service Risk in TinyCBOR Library by Intel