Uncontrolled Recursion in TinyCBOR Libraries by Intel
CVE-2025-24302

5.4MEDIUM

Key Information:

Vendor

Intel

Vendor
CVE Published:
12 August 2025

What is CVE-2025-24302?

A vulnerability exists in the TinyCBOR libraries maintained by Intel, where uncontrolled recursion prior to version 0.6.1 could allow an authenticated user to exploit this weakness, potentially enabling them to escalate their privileges via local access. This issue highlights the importance of updating to the latest library version to mitigate possible security risks.

Affected Version(s)

TinyCBOR libraries maintained by Intel(R) before version 0.6.1

References

CVSS V4

Score:
5.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.