Uncontrolled Search Path Vulnerability in Ring 3 User Applications by Intel
CVE-2025-31931

5.4MEDIUM

Key Information:

Vendor: Intel
Status: Instrumentation And Tracing Technology Api (itt Api) Software
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-31931?

The Instrumentation and Tracing Technology API (ITT API) developed by Intel has a vulnerability that allows for uncontrolled search paths. This security flaw may enable an unprivileged software adversary, with authenticated user access, to execute a complex attack that escalates privileges. Exploitation of this vulnerability requires local access and user interaction, suggesting that even an attacker with limited knowledge can take advantage of the flaw under specific circumstances. The implications of this vulnerability could jeopardize the confidentiality, integrity, and availability of impacted systems.

Affected Version(s)

Instrumentation and Tracing Technology API (ITT API) software before version 3.25.4

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Apr 4, 2025

JSON