CVE-2025-20026 – An out-of-bounds read vulnerability in Intel PR... (How to Fix)

Q: What is the severity of CVE-2025-20026?

CVE-2025-20026 has a CVSS score of 6.1 (MEDIUM). An out-of-bounds read vulnerability in Intel PROSet/Wireless WiFi Software for Windows could allow an unauthenticated attacker on the same network to cause denial of service. This affects Windows systems with vulnerable Intel WiFi drivers before version 23.100. The attacker must be within wireless range of the target device.

📋 TL;DR

An out-of-bounds read vulnerability in Intel PROSet/Wireless WiFi Software for Windows could allow an unauthenticated attacker on the same network to cause denial of service. This affects Windows systems with vulnerable Intel WiFi drivers before version 23.100. The attacker must be within wireless range of the target device.

💻 Affected Systems

Products:

Intel PROSet/Wireless WiFi Software for Windows

Versions: All versions before 23.100

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Intel WiFi adapters using vulnerable driver versions. Requires attacker to be within wireless range.

📦 What is this software?

Proset\/wireless Wifi by Intel

View all CVEs affecting Proset\/wireless Wifi →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or persistent WiFi disruption requiring reboot, potentially affecting business operations on vulnerable devices.

🟠

Likely Case

Temporary WiFi disconnection or degraded wireless performance until system recovery.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated drivers.

🌐 Internet-Facing: LOW - Requires adjacent network access, not directly internet exploitable.

🏢 Internal Only: MEDIUM - Internal attackers on same wireless network could disrupt WiFi connectivity.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires wireless adjacency and knowledge of vulnerable systems. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 23.100 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html

Restart Required: Yes

Instructions:

1. Download Intel Driver & Support Assistant from Intel website. 2. Run the tool to detect vulnerable drivers. 3. Follow prompts to update to version 23.100 or later. 4. Restart system after installation completes.

🔧 Temporary Workarounds

Disable WiFi temporarily

windows

Disable wireless connectivity to prevent exploitation while planning updates.

netsh interface set interface "Wi-Fi" admin=disable

Network segmentation

all

Isolate wireless networks from critical systems using VLANs or firewalls.

🧯 If You Can't Patch

Implement strict wireless network access controls and monitoring
Deploy network intrusion detection systems to monitor for WiFi disruption attempts

🔍 How to Verify

Check if Vulnerable:

Check driver version in Device Manager under Network adapters > Intel(R) Wireless adapter > Driver tab. Version should be 23.100 or higher.

Check Version:

wmic path win32_pnpsigneddriver where "devicename like '%Intel%Wireless%'" get devicename, driverversion

Verify Fix Applied:

Verify driver version shows 23.100 or later in Device Manager and WiFi connectivity functions normally.

📡 Detection & Monitoring

Log Indicators:

Unexpected WiFi disconnections
Driver crash events in Windows Event Log
System logs showing network adapter errors

Network Indicators:

Unusual wireless traffic patterns
Multiple connection attempts to same device
Malformed WiFi packets

SIEM Query:

EventID=1001 OR EventID=1000 Source="Intel Wireless Driver" OR "WiFi adapter reset"

📊 Metadata

CVE ID: CVE-2025-20026

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE: CWE-125

EPSS Score: 0.03% exploit probability (8.8th percentile)

Published: May 13, 2025

Last Updated: September 10, 2025

🔗 References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-20026, you might also want to check these: