Denial of Service Risk in TinyCBOR Library by Intel
CVE-2025-20025

4.1MEDIUM

Key Information:

Vendor: Intel
Status: Tinycbor Libraries Maintained By Intel(r)
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-20025?

The TinyCBOR library maintained by Intel is vulnerable to uncontrolled recursion, which can be exploited by authenticated users to trigger a denial of service. This vulnerability affects all versions prior to 0.6.1, allowing potential disruptions through local access. Proper precautions should be taken to mitigate the risks associated with this oversight.

Affected Version(s)

TinyCBOR libraries maintained by Intel(R) before version 0.6.1

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Jan 25, 2025

JSON