External Control of File Name in Intel CIP Software
CVE-2025-20614

5.6MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Cip Software
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-20614?

A vulnerability exists in Intel's CIP software that allows external control of file names or paths within certain user applications. This flaw enables unprivileged software adversaries to exploit privileges of a legitimate user, leading to potential privilege escalation. The attack can be executed locally without requiring intricate internal knowledge or interaction from the user, making it particularly dangerous. Users of the affected versions should assess their systems for potential exposure, ensuring that appropriate security measures are in place to mitigate risks associated with this vulnerability.

Affected Version(s)

Intel(R) CIP software before version WIN_DCA_2.4.0.11001

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Jan 30, 2025

JSON