What is the CVSS score of CVE-2025-27535?

CVE-2025-27535 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Ethernet Controller are affected by CVE-2025-27535?

CVE-2025-27535 presents moderate security risk rated CVSS 5.3. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-27535?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Ethernet Controller CVE-2025-27535

MEDIUM

Exposed IOCTL with Insufficient Access Control (CWE-782)

2026-02-10 secure@intel.com

Denial Of Service Intel Ethernet Controller

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 17:16 nvd

MEDIUM 5.3

DescriptionNVD

Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

AnalysisAI

Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. [CVSS 5.3 MEDIUM]