Skip to main content

Computing Improvement Program CVE-2025-24863

MEDIUM
Improper Privilege Management (CWE-269)
2025-11-11 secure@intel.com
6.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:21 vuln.today
CVE Published
Nov 11, 2025 - 17:15 nvd
MEDIUM 6.0

DescriptionCVE.org

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

AnalysisAI

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. Affected products include: Intel Computing Improvement Program.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

CVE-2021-0074 HIGH
7.8 Jun 09

Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 ma

CVE-2021-0052 HIGH
7.8 Jun 09

Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenti

CVE-2020-8736 HIGH
7.8 Aug 13

Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an

CVE-2019-11162 HIGH
7.8 Aug 19

Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before ver

CVE-2018-12168 HIGH
7.8 Sep 12

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an

CVE-2024-36482 HIGH
7.1 Nov 13

Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentia

CVE-2020-12308 MEDIUM
6.5 Nov 12

Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged

CVE-2024-36276 MEDIUM
5.4 Nov 13

Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user t

CVE-2025-24862 LOW
2.0 Nov 11

Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within

CVE-2025-24847 MEDIUM
5.7 Nov 11

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applicat

CVE-2025-24838 HIGH
7.7 Nov 11

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Appl

CVE-2025-24834 MEDIUM
6.0 Nov 11

Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Appli

Share

CVE-2025-24863 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy