CVE-2025-27246

# CVE-2025-27246 PoC - Intel Processor Identification Utility Privilege Escalation # This PoC demonstrates checking for vulnerable permissions import os import subprocess import sys def check_vulnerable_permissions(): """Check if Intel Processor Identification Utility has incorrect permissions""" # Common installation paths for Intel Processor Identification Utility paths = [ r"C:\Program Files\Intel\Processor Identification Utility\ProcessorID.exe", r"C:\Program Files (x86)\Intel\Processor Identification Utility\ProcessorID.exe", r"C:\Program Files\Intel\Intel(R) Processor Identification Utility\ProcessorID.exe" ] vulnerable = False for path in paths: if os.path.exists(path): print(f"[+] Found Intel Processor Identification Utility at: {path}") # Check file permissions using icacls (Windows built-in) try: result = subprocess.run(['icacls', path], capture_output=True, text=True) print(f"[i] Current permissions:\n{result.stdout}") # Check if Everyone or Users group has full control or modify permissions if 'Everyone:(F)' in result.stdout or 'Everyone:(M)' in result.stdout: print(f"[!] VULNERABLE: Everyone has full/modify access to {path}") vulnerable = True elif 'Users:(F)' in result.stdout or 'Users:(M)' in result.stdout: print(f"[!] VULNERABLE: Users have full/modify access to {path}") vulnerable = True else: print(f"[+] Permissions appear to be properly configured") except Exception as e: print(f"[-] Error checking permissions: {e}") return vulnerable def main(): print("=" * 60) print("CVE-2025-27246 - Intel Processor Identification Utility") print("Incorrect Default Permissions - Privilege Escalation Check") print("=" * 60) if sys.platform != 'win32': print("[-] This PoC is designed for Windows systems only") return is_vulnerable = check_vulnerable_permissions() print("\n" + "=" * 60) if is_vulnerable: print("[!] System is VULNERABLE to CVE-2025-27246") print("[!] Recommendation: Update Intel Processor Identification Utility to version 8.0.43 or later") else: print("[+] System does not appear to be vulnerable") print("=" * 60) if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-27246", "sourceIdentifier": "[email protected]", "published": "2025-11-11T17:15:45.063", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-276"}]}], "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01334.html", "source": "[email protected]"}]}}