CVE-2025-27712
📋 TL;DR
This vulnerability in Intel Neural Compressor software allows authenticated local users to escalate privileges via improper input neutralization. Attackers could gain higher system privileges than intended, but require user interaction and local access. Only users running vulnerable versions of Intel Neural Compressor are affected.
💻 Affected Systems
- Intel Neural Compressor
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local authenticated attacker gains elevated system privileges, potentially compromising the entire system.
Likely Case
Limited privilege escalation within the application context, allowing unauthorized access to restricted functions.
If Mitigated
No impact if patched or if proper access controls prevent local user execution.
🎯 Exploit Status
The CVSS vector indicates low attack complexity, but exploitation requires authenticated local access and user interaction.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v3.4 or later
Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01365.html
Restart Required: Yes
Instructions:
1. Download Intel Neural Compressor v3.4 or later from Intel's official distribution channels.
2. Uninstall previous vulnerable versions.
3. Install the updated version.
4. Restart the system to ensure changes take effect.
🔧 Temporary Workarounds
Restrict Local User Access
(all platforms) Limit which users can execute Intel Neural Compressor software on affected systems.
Application Whitelisting
(all platforms) Implement application control policies to prevent execution of vulnerable Intel Neural Compressor versions.
🧯 If You Can't Patch
- Remove Intel Neural Compressor from systems where it's not essential
- Implement strict least-privilege access controls for local users
🔍 How to Verify
Check if Vulnerable:
Check the Intel Neural Compressor version: on Linux/macOS run 'python -c "import neural_compressor; print(neural_compressor.__version__)"'; on Windows check the installed programs list.
Check Version:
python -c "import neural_compressor; print(neural_compressor.__version__)"
Verify Fix Applied:
Confirm version is v3.4 or higher using the same version check command.
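An added example, not part of the original advisory or Intel's tooling: a standard-library Python check that reads the installed distribution's metadata instead of importing the package, and compares it with the v3.4 fix version stated above. The distribution name `neural-compressor` and the status labels are assumptions; pre-release builds of 3.4 are conservatively treated as below the fix.

```python
import re
from importlib import metadata

FIXED = (3, 4)                    # "Patch Version: v3.4 or later" from this page
DIST_NAME = "neural-compressor"   # assumption: distribution providing neural_compressor
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(.*)$")
_PRE_RE = re.compile(r"^[.\-_]?(a|b|rc|alpha|beta|dev|pre)")


def classify(version):
    """Return 'fixed', 'below-fix' or 'unknown' for a version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    release = tuple(int(p) for p in m.group(1).split("."))
    suffix = m.group(2).lower()
    # Pad both tuples so that 3.4 and 3.4.0 compare as equal.
    width = max(len(release), len(FIXED))
    release += (0,) * (width - len(release))
    fixed = FIXED + (0,) * (width - len(FIXED))
    if release != fixed:
        return "fixed" if release > fixed else "below-fix"
    # Same release number: rc/dev/alpha/beta builds precede the final 3.4.
    return "below-fix" if _PRE_RE.match(suffix) else "fixed"


def installed_status(dist=DIST_NAME):
    """Return (version, status) without executing any of the package's code."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None, "not-installed"
    return version, classify(version)


if __name__ == "__main__":
    version, status = installed_status()
    print(f"{DIST_NAME}: version={version} status={status}")
    # Non-zero exit lets a fleet or CI job flag hosts that still need the update.
    raise SystemExit(0 if status in ("fixed", "not-installed") else 1)
```

Run it with each Python interpreter or virtual environment on the host, since every environment carries its own installed copy.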
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation attempts in system logs
- Intel Neural Compressor process spawning with elevated privileges
Network Indicators:
- None - local vulnerability only
SIEM Query:
Process creation events where parent process is Intel Neural Compressor with elevated privileges