CVE-2025-20062

6.1 MEDIUM

📋 TL;DR

A use-after-free vulnerability in Intel PROSet/Wireless WiFi Software for Windows allows an unauthenticated attacker on the same network to potentially cause denial of service. This affects users running vulnerable versions of Intel wireless software on Windows systems. The attacker must be within wireless range or on the same local network segment.

💻 Affected Systems

Products:
  • Intel PROSet/Wireless WiFi Software for Windows
Versions: All versions before 23.100
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel wireless adapters using the vulnerable software. Requires attacker to be on same network segment.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or kernel panic requiring physical reboot, potentially disrupting critical operations on affected devices.

🟠

Likely Case

Temporary wireless connectivity loss or system instability requiring user intervention to restore functionality.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated software, possibly brief service interruption.

🌐 Internet-Facing: LOW - Requires adjacent network access, not directly exploitable from the internet.
🏢 Internal Only: MEDIUM - Exploitable from the same network segment, could affect multiple internal devices if vulnerable software is widespread.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires adjacent network access and knowledge of vulnerable systems. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.100 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01270.html

Restart Required: Yes

Instructions:

1. Download Intel PROSet/Wireless WiFi Software version 23.100 or later from Intel's website.
2. Run the installer with administrative privileges.
3. Follow on-screen instructions.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Disable Wireless Adapter (Windows)

Temporarily disable the wireless adapter to prevent exploitation:

netsh interface set interface "Wi-Fi" admin=disable

Network Segmentation (all platforms)

Isolate wireless networks from critical infrastructure

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate wireless devices from critical systems
  • Deploy network monitoring for unusual wireless traffic patterns and potential exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Intel PROSet/Wireless WiFi Software version in Control Panel > Programs and Features

Check Version:

wmic product where "name like 'Intel%PROSet%Wireless%'" get version

Verify Fix Applied:

Verify installed version is 23.100 or later in Programs and Features
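
A registry-based version check for the verification steps above, as an added example that is not part of the original page or Intel's advisory. It reads the uninstall keys instead of `wmic product`, because querying Win32_Product triggers an MSI consistency check of every installed package, and it compares versions numerically so that 23.20 sorts before 23.100. Assumptions: the package registers a DisplayName matching the page's query pattern and a dotted numeric DisplayVersion; the function name `Get-ProsetWirelessStatus` is hypothetical.

```powershell
# Added example: classify installed Intel PROSet/Wireless packages against
# the fixed version stated on this page (23.100).
$FixedVersion = [version]'23.100'

# Standard per-machine uninstall keys (64-bit and 32-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ProsetWirelessStatus {
    param([version]$Fixed = $FixedVersion)

    # Same name pattern as the page's wmic query, expressed as a -like wildcard.
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Intel*PROSet*Wireless*' }

    foreach ($e in $entries) {
        # Parse as [version]: a string comparison would rank "23.20" above "23.100".
        $parsed = $null
        $ok = [version]::TryParse([string]$e.DisplayVersion, [ref]$parsed)

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $e.DisplayName
            Version  = $e.DisplayVersion
            Status   = if (-not $ok) { 'UNKNOWN' }             # unparseable version: review by hand
                       elseif ($parsed -ge $Fixed) { 'FIXED' }
                       else { 'VULNERABLE' }
        }
    }
}

$results = @(Get-ProsetWirelessStatus)
if ($results.Count -eq 0) {
    Write-Output 'No Intel PROSet/Wireless package found in the uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
    # Non-zero exit lets fleet tooling flag hosts that still need the update.
    if ($results.Status -contains 'VULNERABLE') { exit 1 }
}
```

A host reporting no matching package may still have an Intel wireless driver installed without the PROSet package, so treat an empty result as "not determined" rather than "fixed".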

📡 Detection & Monitoring

Log Indicators:

  • System crashes or unexpected reboots
  • Wireless adapter driver errors in Event Viewer
  • Kernel memory corruption warnings

Network Indicators:

  • Unusual wireless traffic patterns
  • Malformed network packets targeting wireless adapters

SIEM Query:

EventID=1001 OR EventID=41 OR (Source="Kernel-Power" AND EventID=41) OR (Source="Intel Wireless" AND EventID=1000)
