CVE-2025-26470

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel Distribution for Python installers allows authenticated local users to escalate privileges due to incorrect default permissions. It affects systems running vulnerable versions of the software. Attackers could gain elevated system access if they already have local authenticated access.

💻 Affected Systems

Products:
  • Intel Distribution for Python
Versions: All versions before 2025.1.0
Operating Systems: Windows, Linux, macOS (where Intel Distribution for Python is installed)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel Distribution for Python installed. The vulnerability is in the installer permissions, not the Python runtime itself.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local authenticated attacker gains full administrative/root privileges on the system, enabling complete system compromise, data theft, and persistence.

🟠 Likely Case

Privileged user or malware with local access escalates to higher privileges to install additional malware, modify system configurations, or access restricted data.

🟢 If Mitigated

With proper access controls and least privilege principles, impact is limited to authorized users misusing legitimate access.

🌐 Internet-Facing: LOW - This requires local authenticated access, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but requires authenticated access first.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access and knowledge of the vulnerable installer. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.1.0 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01345.html

Restart Required: No

Instructions:

  1. Download Intel Distribution for Python version 2025.1.0 or later from Intel's official distribution channels.
  2. Uninstall the vulnerable version.
  3. Install the updated version.
  4. Verify the installation completed successfully.

🔧 Temporary Workarounds

Restrict installer permissions

Platform: all

Manually adjust permissions on Intel Python installer files to prevent unauthorized execution

Linux/macOS: chmod 750 /path/to/intel/python/installer
Windows: icacls "C:\Program Files\Intel\Python\installer.exe" /deny Users:F

Remove vulnerable installer files

Platform: all

Delete or move installer files from vulnerable versions to prevent execution

Linux/macOS: rm -f /path/to/vulnerable/installer
Windows: del "C:\Program Files\Intel\Python\vulnerable_installer.exe"

🧯 If You Can't Patch

  • Implement strict access controls to limit who can execute installer files
  • Monitor for unauthorized privilege escalation attempts using security tools

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Intel Distribution for Python. If version is earlier than 2025.1.0, the system is vulnerable.

Check Version:

python -c "import sys; print('Intel Python' if 'intel' in sys.version.lower() else 'Not Intel Python'); print(sys.version)"

Verify Fix Applied:

Verify the installed version is 2025.1.0 or later and check installer file permissions are properly restricted.
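
The two checks above (release at least 2025.1.0, installer files no looser than the chmod 750 workaround) written as a Linux/macOS audit script. This is an added example, not Intel's or this page's tooling: the function names, the use of 0o750 as the pass criterion and the command-line arguments are assumptions, and the version string is supplied by the operator.

```python
import os
import stat
import sys

FIXED_VERSION = (2025, 1, 0)   # first fixed release per the page
MAX_MODE = 0o750               # assumed baseline: the page's chmod 750 workaround


def parse_version(text):
    """Turn '2025.0.1' into (2025, 0, 1); non-numeric parts raise ValueError."""
    return tuple(int(part) for part in text.strip().split("."))


def is_patched(version_text):
    """True when the given release is 2025.1.0 or later."""
    parsed = parse_version(version_text)
    # Pad short strings so '2025.1' compares equal to '2025.1.0'.
    parsed += (0,) * (len(FIXED_VERSION) - len(parsed))
    return parsed >= FIXED_VERSION


def too_permissive(mode):
    """True when any rwx bit outside MAX_MODE is set (group write, any 'other' bit)."""
    return bool(mode & ~MAX_MODE & 0o777)


def audit_permissions(root):
    """Return sorted (path, octal mode) for root and everything under it that is too open."""
    findings = []
    candidates = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        candidates += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in candidates:
        info = os.lstat(path)              # do not follow symlinks
        if stat.S_ISLNK(info.st_mode):
            continue                       # a link's own mode bits are not meaningful
        mode = stat.S_IMODE(info.st_mode)
        if too_permissive(mode):
            findings.append((path, oct(mode)))
    return sorted(findings)


if __name__ == "__main__":
    # usage: audit.py <installed version> <installer directory>
    version, root = sys.argv[1], sys.argv[2]
    print("version patched:", is_patched(version))
    for path, mode in audit_permissions(root):
        print("too permissive:", mode, path)
```

An empty findings list together with "version patched: True" corresponds to the "Verify Fix Applied" condition; POSIX mode bits do not describe Windows ACLs, so Windows hosts need an icacls review instead.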

📡 Detection & Monitoring

Log Indicators:

  • Unexpected execution of Intel Python installer files
  • Privilege escalation events in system logs
  • User account changes from non-admin to admin

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

Windows: (EventID=4688 AND ProcessName LIKE '%intel%python%installer%') OR EventID=4672
Linux: auth.*privilege.*escalation AND intel.*python
