CVE-2025-24862

2.0 LOW

📋 TL;DR

This vulnerability in Intel CIP software allows an attacker with local access and special internal knowledge to upload dangerous file types, potentially enabling privilege escalation and data manipulation. It affects users of Intel(R) CIP software before version WIN_DCA_2.4.0.11001 running in Ring 3 user applications. The attack requires passive user interaction and has high complexity.

💻 Affected Systems

Products:
  • Intel(R) CIP software
Versions: All versions before WIN_DCA_2.4.0.11001
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Ring 3 user applications; requires Intel CIP software installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access and internal knowledge could escalate privileges and manipulate data on the system.

🟠 Likely Case

Limited impact due to high complexity requirements and need for passive user interaction; most likely would result in failed exploitation attempts.

🟢 If Mitigated

With proper access controls and user awareness, the vulnerability poses minimal risk.

🌐 Internet-Facing: LOW - Attack requires local access and passive user interaction, not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Internal attackers with local access and special knowledge could potentially exploit this.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires an unprivileged software adversary combined with a privileged user, passive user interaction, and special internal knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WIN_DCA_2.4.0.11001 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01328.html

Restart Required: Yes

Instructions:

1. Download WIN_DCA_2.4.0.11001 or later from Intel.
2. Install the update.
3. Restart the system.

🔧 Temporary Workarounds

Restrict file upload permissions (Windows)

Configure application to restrict file uploads to trusted sources only.

Implement file type validation (all platforms)

Add server-side validation to reject dangerous file types.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can upload files
  • Monitor for unusual file upload activities and implement user awareness training

🔍 How to Verify

Check if Vulnerable:

Check Intel CIP software version; if below WIN_DCA_2.4.0.11001, system is vulnerable.

Check Version:

Check Intel CIP software version in Control Panel > Programs and Features or via vendor documentation.

Verify Fix Applied:

Verify Intel CIP software version is WIN_DCA_2.4.0.11001 or later.
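
The version check above can be scripted across hosts. The following PowerShell is an added example, not Intel's tooling or part of the original advisory: it reads the standard Windows Uninstall registry keys and compares each match against the fixed build. The `$NamePattern` default and the assumption that `DisplayVersion` contains the dotted build number are not confirmed by this page; adjust both to what Programs and Features shows on your systems.

```powershell
param(
    # Assumption: wildcard that matches the product's DisplayName on your hosts.
    [string]$NamePattern = '*Intel*CIP*',
    # Fixed version as stated in the advisory.
    [string]$FixedBuild  = 'WIN_DCA_2.4.0.11001'
)

function ConvertTo-NumericVersion {
    param([string]$Text)
    # Extract the dotted numeric part from strings such as "WIN_DCA_2.4.0.11001".
    if ($Text -match '(\d+(?:\.\d+){1,3})') { return [version]$Matches[1] }
    return $null
}

$fixed = ConvertTo-NumericVersion $FixedBuild

# Machine-wide install records (64-bit and 32-bit views).
# Per-user installs under HKCU are not covered by this check.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $found) {
    Write-Output "No installed program matches '$NamePattern'."
    return
}

foreach ($app in $found) {
    $installed = ConvertTo-NumericVersion $app.DisplayVersion
    # An unparseable version is reported as UNKNOWN rather than assumed safe.
    $status = if (-not $installed)         { 'UNKNOWN (unparseable version)' }
              elseif ($installed -lt $fixed) { 'VULNERABLE' }
              else                          { 'PATCHED' }
    [pscustomobject]@{
        Name    = $app.DisplayName
        Version = $app.DisplayVersion
        Status  = $status
    }
}
```

Hosts reported as UNKNOWN should be checked manually, since the script cannot tell whether they are below the fixed build.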

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activities in application logs
  • Failed file upload attempts with dangerous extensions

Network Indicators:

  • Unexpected file transfer patterns to/from affected systems

SIEM Query:

Search for file upload events with dangerous extensions (.exe, .dll, .bat, etc.) in application logs
