What is the CVSS score of CVE-2025-27243?

CVE-2025-27243 has a CVSS 3.1 base score of 6.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Ethernet Controller are affected by CVE-2025-27243?

CVE-2025-27243 presents moderate security risk, a out-of-bounds write vulnerability rated CVSS 6.0. Exploitation could cause memory corruption or application crashes.

How to fix or mitigate CVE-2025-27243?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Ethernet Controller CVE-2025-27243

MEDIUM

Out-of-bounds Write (CWE-787)

2026-02-10 secure@intel.com

Buffer Overflow Denial Of Service Memory Corruption Intel Ethernet Controller

6.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 17:16 nvd

MEDIUM 6.0

DescriptionNVD

Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

AnalysisAI

Technical ContextAI

Classified as CWE-787 (Out-of-bounds Write). Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidenti

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

More from same product – last 7 days

CVE-2026-45851 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table Th

CVE-2026-45877 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus

CVE-2026-45894 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down P

CVE-2026-45896 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting

CVE-2026-45898 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin

CVE-2025-27243 vulnerability details – vuln.today

Back

Ethernet Controller CVE-2025-27243

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code