CVE-2025-24299

High

Published: 11 November 2025

Published

11 November 2025

Modified

26 November 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0010 26.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24299 is a high-severity Improper Input Validation (CWE-20) vulnerability in Intel Computing Improvement Program. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 26.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly requires validation of all inputs to prevent exploitation of the improper input validation vulnerability (CWE-20) in Intel CIP user applications.

SI-2 Flaw Remediation good match

prevent

Ensures timely flaw remediation by requiring updates to the affected Intel CIP software version WIN_DCA_2.4.0.11001 or later as specified in the advisory.

AC-6 Least Privilege partial match

prevent

Enforces least privilege to limit the scope and impact of potential privilege escalation from unprivileged authenticated user contexts.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability explicitly enables escalation of privilege through improper input validation exploitation in user-mode software, directly mapping to T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege.…

This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Deeper analysisAI

CVE-2025-24299 is an improper input validation vulnerability (CWE-20) in certain Intel(R) CIP software versions prior to WIN_DCA_2.4.0.11001, specifically within Ring 3 User Applications. This flaw may allow an escalation of privilege.

An unprivileged software adversary with authenticated user privileges can exploit the vulnerability using a low-complexity attack, potentially via network access without special internal knowledge or user interaction. Exploitation enables escalation of privilege with high impacts to confidentiality, integrity, and availability, earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Intel's security advisory INTEL-SA-01328, available at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01328.html, addresses the issue. Mitigation requires updating the affected Intel(R) CIP software to version WIN_DCA_2.4.0.11001 or later.