Improper Access Control in Intel PCIe Switch Software
CVE-2025-24323

7HIGH

What is CVE-2025-24323?

The vulnerability in the Intel PCIe Switch software stems from inadequate access controls in specific firmware packages and the associated LED mode toggle tool. This weakness allows a privileged user to execute unauthorized actions, potentially leading to an escalation of privileges through local access. Prompt updates and diligent management of access rights are recommended to mitigate the risks associated with this vulnerability.

Affected Version(s)

firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1

References

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.