Improper Control of Code Resources in Intel NPU Drivers Affecting User Applications
CVE-2025-26405

5.1MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Npu Drivers
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-26405?

The vulnerability pertains to improper management of dynamically-controlled code resources within Intel NPU Drivers, specifically affecting user applications. An attacker with authenticated access could leverage this vulnerability to initiate a denial of service attack. The exploit can occur locally, requiring minimal complexity from the adversary, along with passive user interaction. Despite not impacting data confidentiality or integrity, the availability of the affected system is at risk, leading to potential disruptions in service and system reliability.

Affected Version(s)

Intel(R) NPU Drivers See references

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Mar 6, 2025

JSON