CVE-2025-35972
📋 TL;DR
This vulnerability in Intel MPI Library allows local attackers to escalate privileges by exploiting an uncontrolled search path (DLL hijacking). It affects users running vulnerable versions of Intel MPI Library on Windows systems where an attacker can place malicious files in search paths.
💻 Affected Systems
- Intel MPI Library
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to SYSTEM/root level, allowing complete system compromise, data theft, and persistence establishment.
Likely Case
Limited privilege escalation within user context to gain additional permissions or access restricted resources.
If Mitigated
No impact if proper access controls prevent local file placement or if vulnerable software isn't installed.
🎯 Exploit Status
Requires an authenticated user, local access, user interaction, and specific file placement conditions. The description rates this as a high-complexity attack.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2021.16 or later
Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01386.html
Restart Required: Yes
Instructions:
1. Download Intel MPI Library version 2021.16 or later from Intel's website.
2. Uninstall previous vulnerable version.
3. Install updated version.
4. Restart system to ensure changes take effect.
🔧 Temporary Workarounds
Restrict DLL search paths
Windows: Use Windows policies or application controls to restrict DLL loading from untrusted directories
Use Windows AppLocker or Software Restriction Policies to block DLL execution from user-writable directories
Remove vulnerable software
Windows: Uninstall Intel MPI Library if not required
Control Panel > Programs > Uninstall Intel MPI Library
🧯 If You Can't Patch
- Implement strict file system permissions to prevent users from writing to application directories
- Monitor for suspicious DLL loading events and file creation in application paths
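One way to check the file-permission item above, as an added example (not from Intel or the advisory): the script lists directories on the search path that broad user groups can write to. The default `$InstallDir` is an assumption based on the "program files\Intel\MPI" hint on this page; pass the real install path if it differs.

```powershell
param(
    # Assumed install location (from the "Program Files\Intel\MPI" hint on this page); adjust.
    [string]$InstallDir = (Join-Path $env:ProgramFiles 'Intel\MPI')
)

# Well-known SIDs of broad, low-privileged groups (locale independent).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
# 0x2 = CreateFiles/WriteData; 0x40000000 / 0x10000000 = GENERIC_WRITE / GENERIC_ALL.
$writeBits = 0x2 -bor 0x40000000 -bor 0x10000000

# Directories that can appear in the DLL search order: PATH entries plus the install tree.
$dirs = @($env:Path -split ';')
if (Test-Path -LiteralPath $InstallDir -PathType Container) {
    $dirs += $InstallDir
    $dirs += Get-ChildItem -LiteralPath $InstallDir -Directory -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $_.FullName }
}

$findings = foreach ($dir in ($dirs | Where-Object { $_ } | Sort-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A missing PATH entry can be created by anyone who can write to its parent.
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Issue = 'PATH entry does not exist' }
        continue
    }
    $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # no permission to read the ACL, skip
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }      # unresolvable account, skip
        if ($broadSids.ContainsKey($sid) -and ([int]$rule.FileSystemRights -band $writeBits)) {
            [pscustomobject]@{ Directory = $dir; Principal = $broadSids[$sid]; Issue = "Write access: $($rule.FileSystemRights)" }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Save it as a script and run it from an account that can read the ACLs involved; an empty table means none of the listed groups holds write access on the checked directories.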
🔍 How to Verify
Check if Vulnerable:
Check the Intel MPI Library version: open the Intel MPI Library installation directory and check the version in the file properties or documentation
Check Version:
Check the Program Files\Intel\MPI directory for version information, or run 'mpiexec --version' if configured
Verify Fix Applied:
Verify installed version is 2021.16 or later and test MPI functionality works correctly
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs: Process creation from unusual locations, DLL loading from user directories
- Security logs: Unauthorized file creation in program directories
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
Process creation where parent process is Intel MPI executable and image path contains user directories