Privilege Escalation Vulnerability in Intel CIP Software
CVE-2025-24848

5.4MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Cip Software
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-24848?

A vulnerability exists in some Intel CIP software prior to version WIN_DCA_2.4.0.11001 due to a failure in the protection mechanism within Ring 3, affecting user applications. An attacker could exploit this flaw to escalate privileges, leveraging unprivileged software access combined with a privileged user's permissions. Successful exploitation could require local access under certain conditions, without needing specific insider knowledge, and may involve passive user interaction. This vulnerability poses risks to the confidentiality, integrity, and availability of the affected systems.

Affected Version(s)

Intel(R) CIP software before version WIN_DCA_2.4.0.11001

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Jan 25, 2025

JSON