CVE-2025-24519
📋 TL;DR
A buffer overflow vulnerability in Intel QAT Windows software allows authenticated local attackers to escalate privileges and manipulate data. This affects systems running Intel QAT software versions before 2.6.0 on Windows. Attackers need local access but no special knowledge or user interaction.
💻 Affected Systems
- Intel QuickAssist Technology (QAT) Windows software
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via privilege escalation leading to data manipulation, persistence, and lateral movement.
Likely Case
Local authenticated attacker gains elevated privileges to modify system data or configurations.
If Mitigated
Limited impact with proper access controls, monitoring, and network segmentation in place.
🎯 Exploit Status
Attack complexity is low per CVSS, but requires authenticated local access. No public exploit code known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.0 or later
Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01373.html
Restart Required: Yes
Instructions:
1. Download Intel QAT software version 2.6.0 or later from Intel's website.
2. Run the installer with administrative privileges.
3. Follow on-screen instructions.
4. Restart the system when prompted.
🔧 Temporary Workarounds
Restrict Local Access
Windows: Limit local user access to systems with Intel QAT software to trusted personnel only.
Disable QAT Service
Windows: Temporarily disable the Intel QAT service if not required for system functionality.
sc stop "Intel(R) QAT Service"
sc config "Intel(R) QAT Service" start= disabled
🧯 If You Can't Patch
- Implement strict access controls to limit local user access to affected systems
- Monitor for unusual privilege escalation attempts and system modifications
🔍 How to Verify
Check if Vulnerable:
Check Intel QAT software version in Programs and Features or via command: wmic product where "name like '%Intel%QAT%'" get version
Check Version:
wmic product where "name like '%Intel%QAT%'" get version
Verify Fix Applied:
Verify installed version is 2.6.0 or later using same command and check that no buffer overflow events are logged.
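The version check above can also be run from PowerShell. The script below is an added example, not Intel's tooling or code from the advisory; it assumes the product's DisplayName matches the same `*Intel*QAT*` pattern as the wmic filter, and the function name `Get-QatInstallStatus` is hypothetical.

```powershell
# Added example: flag Intel QAT installs older than the fixed version (2.6.0 per the advisory).
# Assumption: DisplayName matches *Intel*QAT*, mirroring the page's wmic filter.

# [version]'2.6' sorts at or below '2.6', '2.6.0' and '2.6.0.0', so any way of
# writing the fixed release compares as "not older".
$FixedVersion = [version]'2.6'
$NamePattern  = '*Intel*QAT*'

# Per-machine uninstall keys (64-bit and 32-bit views). Reading these avoids the
# MSI consistency check that a Win32_Product query (wmic product) triggers.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-QatInstallStatus {
    param(
        [string]  $Pattern = $NamePattern,
        [version] $Fixed   = $FixedVersion
    )

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        ForEach-Object {
            # DisplayVersion can be missing or carry a suffix ("2.5.1-beta");
            # keep the leading numeric part and report anything unparseable as Unknown.
            $numeric = "$($_.DisplayVersion)" -replace '[^0-9.].*$', ''
            $parsed  = $null
            $status  = if (-not [version]::TryParse($numeric, [ref]$parsed)) {
                'Unknown'
            } elseif ($parsed -lt $Fixed) {
                'Vulnerable'
            } else {
                'Fixed'
            }
            [pscustomobject]@{
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Status  = $status
            }
        }
}

Get-QatInstallStatus | Format-Table -AutoSize
```

No output means no matching product was found under the per-machine uninstall keys, which is not the same as a confirmed fix; confirm the result in Programs and Features.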
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing privilege escalation attempts
- Application crashes related to Intel QAT processes
- Unexpected system modifications by authenticated users
Network Indicators:
- No network indicators - local exploit only
SIEM Query:
(EventID=4688 AND ProcessName LIKE '%qat%' AND NewProcessName LIKE '%system%') OR (EventID=4672 AND SubjectUserName NOT IN (trusted_users))