Information Disclosure in Intel CIP Software for Windows User Applications
CVE-2025-24847

5.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Cip Software
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-24847?

Some versions of Intel's CIP software for Windows contain an improper input validation vulnerability that may expose sensitive information. This weakness can be exploited by an unprivileged adversary leveraging a privileged user, allowing potential data exposure through low complexity attacks. The threat is present via network access when specific attack conditions are met, requiring passive interaction from the user. While the integrity and availability of the system remain unaffected, this vulnerability raises significant concerns regarding system confidentiality.

Affected Version(s)

Intel(R) CIP software before version WIN_DCA_2.4.0.11001

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Jan 30, 2025

JSON