CVE-2025-30518

6.7 MEDIUM

📋 TL;DR

Intel PresentMon before version 2.3.1 ships with incorrect default permissions that could allow a local, authenticated attacker to escalate privileges. Exploitation requires user interaction and has high attack complexity; a successful attack could compromise confidentiality, integrity, and availability. Only systems running vulnerable versions of Intel PresentMon are affected.

💻 Affected Systems

Products:
  • Intel PresentMon
Versions: All versions before 2.3.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access and authenticated user context. PresentMon must be installed and running.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via privilege escalation to Ring 0/kernel level, allowing attackers to install malware, steal sensitive data, or disrupt system operations.

🟠 Likely Case

Limited privilege escalation within user applications (Ring 3), potentially allowing attackers to access other user data or perform unauthorized actions within the user context.

🟢 If Mitigated

No impact if proper access controls, least privilege principles, and updated software are in place.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires an authenticated user with local access, user interaction, and a high-complexity attack. No public exploits are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.1

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01392.html

Restart Required: Yes

Instructions:

  1. Download Intel PresentMon version 2.3.1 or later from official Intel sources.
  2. Uninstall previous versions.
  3. Install the updated version.
  4. Restart the system.

🔧 Temporary Workarounds

Remove PresentMon (Windows)

Uninstall Intel PresentMon if not required for operations

Control Panel > Programs > Uninstall a program > Select Intel PresentMon > Uninstall

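Restrict Access (Windows)

Apply strict file permissions to PresentMon executables and directories. Removing inheritance and granting access only to SYSTEM and Administrators already leaves standard users with no access; an explicit deny entry for Users is not needed and would also match administrators, whose interactive logon tokens carry the Users group.

icacls "C:\Program Files\Intel\PresentMon" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F"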

🧯 If You Can't Patch

  • Disable or uninstall Intel PresentMon if not essential for operations
  • Implement strict application whitelisting to prevent unauthorized execution of PresentMon

🔍 How to Verify

Check if Vulnerable:

Check PresentMon version in installed programs list or run 'PresentMon --version' from command line

Check Version:

PresentMon --version

Verify Fix Applied:

Confirm PresentMon version is 2.3.1 or later and verify file permissions on PresentMon directories
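
One way to carry out the permission check, as an added example that is not part of the original advisory or Intel's tooling: a PowerShell audit that lists every owner or allow entry giving write-type access to a non-administrative principal. The install path is assumed from the icacls workaround on this page; the trusted SID list is an assumption to adjust per environment.

```powershell
# Added example: audit ACLs under the PresentMon install directory.
# Assumption: default path is the one used in the icacls workaround on this page.
param([string]$Root = 'C:\Program Files\Intel\PresentMon')

$SidType = [System.Security.Principal.SecurityIdentifier]
$Rights  = [System.Security.AccessControl.FileSystemRights]
$Trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)
# Bits that allow tampering with binaries or the DACL, plus GENERIC_ALL and GENERIC_WRITE.
$WriteMask = [int]($Rights::Write -bor $Rights::Delete -bor $Rights::DeleteSubdirectoriesAndFiles -bor
                   $Rights::ChangePermissions -bor $Rights::TakeOwnership) -bor 0x10000000 -bor 0x40000000

function Get-PresentMonAclFinding {
    param([string]$Path)
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $acl   = Get-Acl -LiteralPath $item.FullName
        $owner = $acl.GetOwner($SidType).Value
        if ($Trusted -notcontains $owner) {
            # A non-administrative owner can rewrite the DACL at will.
            [pscustomobject]@{ Path = $item.FullName; Sid = $owner; Issue = 'Owner' }
        }
        foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries do not apply to this object; children are checked in turn.
            if ($ace.PropagationFlags.HasFlag(
                    [System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
            if ($Trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
                [pscustomobject]@{ Path  = $item.FullName
                                   Sid   = $ace.IdentityReference.Value
                                   Issue = "Allow $($ace.FileSystemRights)" }
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) { Write-Output "Not found: $Root"; return }
$findings = @(Get-PresentMonAclFinding -Path $Root)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No write-capable entries for non-administrative principals under $Root"
}
```

Run it from an elevated prompt so that every ACL under the directory can be read.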

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts in Windows Event Logs (Security log Event ID 4672)
  • Unexpected PresentMon process execution or termination

Network Indicators:

  • Local privilege escalation typically doesn't generate network traffic

SIEM Query:

EventID=4672 AND ProcessName="PresentMon.exe"
