CVE-2025-26694 – A null pointer dereference vulnerability in Int... (How to Fix)

Q: What is the severity of CVE-2025-26694?

CVE-2025-26694 has a CVSS score of 5.5 (MEDIUM). A null pointer dereference vulnerability in Intel QAT Windows software before version 2.6.0 allows authenticated local users to cause denial of service. Attackers with local access can crash the QAT service, potentially disrupting acceleration functions. Only Windows systems with vulnerable Intel QAT software are affected.

📋 TL;DR

A null pointer dereference vulnerability in Intel QAT Windows software before version 2.6.0 allows authenticated local users to cause denial of service. Attackers with local access can crash the QAT service, potentially disrupting acceleration functions. Only Windows systems with vulnerable Intel QAT software are affected.

💻 Affected Systems

Products:

Intel Quick Assist Technology (QAT) Windows software

Versions: All versions before 2.6.0

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Intel QAT software installed and enabled. Requires local authenticated user access.

📦 What is this software?

Quickassist Technology by Intel

View all CVEs affecting Quickassist Technology →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service of Intel QAT acceleration functions, potentially affecting applications relying on cryptographic or compression acceleration.

🟠

Likely Case

Local authenticated user causes QAT service crash, requiring service restart to restore functionality.

🟢

If Mitigated

Minimal impact with proper access controls limiting local user privileges and monitoring for service crashes.

🌐 Internet-Facing: LOW - Requires local authenticated access, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local authenticated users can exploit, but requires specific software and access level.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Attack requires local authenticated access. No special privileges or user interaction needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.0 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01373.html

Restart Required: Yes

Instructions:

1. Download Intel QAT software version 2.6.0 or later from Intel's website. 2. Run the installer with administrative privileges. 3. Follow on-screen installation instructions. 4. Restart the system to complete installation.

🔧 Temporary Workarounds

Restrict local user access

windows

Limit local user accounts and privileges to reduce attack surface

Monitor QAT service health

windows

Implement monitoring for QAT service crashes and automatic restart

🧯 If You Can't Patch

Implement strict access controls to limit local authenticated users
Monitor system logs for QAT service crashes and investigate anomalies

🔍 How to Verify

Check if Vulnerable:

Check Intel QAT software version in Programs and Features or via 'wmic product get name,version' command

Check Version:

wmic product where "name like '%Intel%QAT%'" get name,version

Verify Fix Applied:

Verify installed version is 2.6.0 or later and QAT service is running normally

📡 Detection & Monitoring

Log Indicators:

Unexpected QAT service crashes
Application errors related to QAT acceleration

Network Indicators:

None - local exploitation only

SIEM Query:

EventID=7031 OR EventID=7034 with service name containing 'QAT'

📊 Metadata

CVE ID: CVE-2025-26694

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.02% exploit probability (4.4th percentile)

Published: November 11, 2025

Last Updated: November 26, 2025

🔗 References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01373.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-26694, you might also want to check these: