Login Sign Up

CVE-2025-20039

6.6 MEDIUM
Denial of Service

📋 TL;DR

A race condition vulnerability in Intel PROSet/Wireless WiFi Software for Windows allows unauthenticated attackers on the same network to potentially cause denial of service. This affects users with vulnerable Intel wireless adapters running Windows. The attack requires adjacent network access, not internet access.

💻 Affected Systems

Products:
  • Intel PROSet/Wireless WiFi Software for Windows
Versions: All versions before 23.100
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel wireless adapters using the vulnerable software. Requires WiFi connectivity to be active.

📦 What is this software?

Proset\/wireless Wifi by Intel

View all CVEs affecting Proset\/wireless Wifi →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of WiFi connectivity on affected systems, requiring system restart to recover network functionality.

🟠

Likely Case

Intermittent WiFi disconnections or degraded wireless performance for targeted devices.

🟢

If Mitigated

Minimal impact if patched or if network segmentation prevents adjacent access.

🌐 Internet-Facing: LOW - Attack requires adjacent network access, not internet connectivity.
🏢 Internal Only: MEDIUM - Attackers on the same local network could disrupt WiFi for vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Race conditions require precise timing and adjacent network access, making exploitation moderately complex.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.100 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html

Restart Required: Yes

Instructions:

1. Download Intel PROSet/Wireless WiFi Software version 23.100 or later from Intel's website
2. Run the installer with administrative privileges
3. Follow on-screen instructions
4. Restart the system when prompted

🔧 Temporary Workarounds

Disable WiFi temporarily

windows

Turn off wireless connectivity to prevent exploitation

netsh interface set interface "Wi-Fi" admin=disable

Network segmentation

all

Isolate vulnerable systems from untrusted networks

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems from potential attackers
  • Monitor for unusual WiFi disconnection patterns and investigate adjacent network activity

🔍 How to Verify

Check if Vulnerable:

Check Intel PROSet/Wireless WiFi Software version in Control Panel > Programs and Features

Check Version:

wmic product where "name like 'Intel(R) PROSet/Wireless%'" get version

Verify Fix Applied:

Verify installed version is 23.100 or later in Programs and Features

📡 Detection & Monitoring

Log Indicators:

  • Multiple unexpected WiFi disconnection events in Windows Event Logs (Event ID 8003, 1014)
  • Intel Wireless driver crash logs

Network Indicators:

  • Unusual broadcast/multicast traffic patterns targeting WiFi management frames
  • ARP spoofing or other adjacent network attacks

SIEM Query:

source="windows" AND (event_id=8003 OR event_id=1014) AND message="*wireless*" OR "*wifi*"

📊 Metadata

CVE ID: CVE-2025-20039
CVSS v3 Score: 6.6 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
CWE: CWE-362
EPSS Score: 0.03% exploit probability (6.1th percentile)
Published: May 13, 2025
Last Updated: September 10, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-20039, you might also want to check these:

CVE-2025-43275 9.8

A race condition vulnerability in macOS allows malicious applications to escape their sandbox restri...

Same vulnerability type (CWE-362)
CVE-2021-32810 9.8

A race condition in crossbeam-deque Rust library versions before 0.7.4 and 0.8.0 allows tasks in wor...

Same vulnerability type (CWE-362)
CVE-2025-30444 9.8

A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker...

Same vulnerability type (CWE-362)