What is the CVSS score of CVE-2025-32003?

CVE-2025-32003 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Ethernet Controller are affected by CVE-2025-32003?

CVE-2025-32003 presents notable security risk, a out-of-bounds read vulnerability rated CVSS 6.5. Exploitation could cause memory corruption or application crashes.

How to fix or mitigate CVE-2025-32003?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Ethernet Controller CVE-2025-32003

MEDIUM

Out-of-bounds Read (CWE-125)

2026-02-10 secure@intel.com

Buffer Overflow Denial Of Service Information Disclosure Intel Ethernet Controller

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 17:16 nvd

MEDIUM 6.5

DescriptionNVD

Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via network access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

AnalysisAI

Technical ContextAI

Classified as CWE-125 (Out-of-bounds Read). Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via network access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

More from same product – last 7 days

CVE-2026-45851 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table Th

CVE-2026-45877 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus

CVE-2026-45894 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down P

CVE-2026-45896 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions before setting

CVE-2026-45898 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin

CVE-2025-32003 vulnerability details – vuln.today

Back

Ethernet Controller CVE-2025-32003

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code