Uncontrolled Search Path Vulnerability in Intel oneAPI DPC++C++ Compiler Software
CVE-2025-32038

5.4MEDIUM

Key Information:

Vendor: Intel
Status: Intel Oneapi Dpc++c++ Compiler Software
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-32038?

The Intel oneAPI DPC++C++ Compiler software is susceptible to an uncontrolled search path vulnerability, which may allow an unprivileged authenticated user to escalate privileges. This vulnerability arises due to a flaw in the handling of user applications and requires local access alongside a complex attack strategy. The attack could be executed without significant internal knowledge, although it necessitates active interaction from the user. If successfully exploited, this could severely impact the system's confidentiality, integrity, and availability.

Affected Version(s)

Intel oneAPI DPC++C++ Compiler software before version 2025.0.1

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Apr 4, 2025

JSON