CVE-2025-20046 – A use-after-free vulnerability in Intel PROSet/... (How to Fix)

Q: What is the severity of CVE-2025-20046?

CVE-2025-20046 has a CVSS score of 8.0 (HIGH). A use-after-free vulnerability in Intel PROSet/Wireless WiFi Software for Windows allows an unauthenticated attacker on the same network to potentially cause denial of service. This affects Windows systems running vulnerable versions of Intel WiFi drivers and software. The attacker must be within wireless range or on the same local network segment.

📋 TL;DR

A use-after-free vulnerability in Intel PROSet/Wireless WiFi Software for Windows allows an unauthenticated attacker on the same network to potentially cause denial of service. This affects Windows systems running vulnerable versions of Intel WiFi drivers and software. The attacker must be within wireless range or on the same local network segment.

💻 Affected Systems

Products:

Intel PROSet/Wireless WiFi Software for Windows

Versions: All versions before 23.100

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Intel WiFi hardware and vulnerable driver/software versions installed.

📦 What is this software?

Proset\/wireless Wifi by Intel

View all CVEs affecting Proset\/wireless Wifi →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or kernel panic requiring physical reboot, potentially disrupting critical operations on affected systems.

🟠

Likely Case

Temporary WiFi disconnection or system instability requiring user intervention to restore connectivity.

🟢

If Mitigated

Limited impact with proper network segmentation and updated drivers, potentially only affecting WiFi functionality temporarily.

🌐 Internet-Facing: LOW - Requires adjacent network access, not directly exploitable from the internet.

🏢 Internal Only: HIGH - Exploitable by any device on the same wireless or local network segment without authentication.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires adjacent network access and knowledge of vulnerable systems. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.100 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html

Restart Required: Yes

Instructions:

1. Download Intel Driver & Support Assistant from Intel website. 2. Run the tool to detect vulnerable drivers. 3. Follow prompts to update to version 23.100 or later. 4. Restart system when prompted.

🔧 Temporary Workarounds

Disable WiFi temporarily

windows

Disable WiFi adapter to prevent exploitation while awaiting patch

netsh interface set interface "Wi-Fi" admin=disable

Network segmentation

all

Isolate vulnerable systems on separate VLANs or network segments

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable systems from untrusted networks
Deploy network monitoring for unusual WiFi traffic patterns or connection attempts

🔍 How to Verify

Check if Vulnerable:

Check Intel PROSet/Wireless version in Control Panel > Programs and Features or via Device Manager > Network adapters > Intel WiFi adapter > Driver tab

Check Version:

netsh wlan show drivers | findstr /i "driver version"

Verify Fix Applied:

Verify driver version is 23.100 or higher in Device Manager or using 'netsh wlan show drivers' command

📡 Detection & Monitoring

Log Indicators:

System crashes or unexpected reboots
WiFi driver error events in Windows Event Log
Network disconnection events

Network Indicators:

Unusual WiFi management frame traffic
Multiple connection attempts to vulnerable systems from single source

SIEM Query:

EventID=1001 OR EventID=6008 OR (EventID=10016 AND SourceName="e1dexpress")

📊 Metadata

CVE ID: CVE-2025-20046

CVSS v3 Score: 8.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE: CWE-416

EPSS Score: 0.04% exploit probability (12.2th percentile)

Published: May 13, 2025

Last Updated: September 10, 2025

🔗 References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-20046, you might also want to check these: