Intel Connectivity Performance Suite Privilege Escalation Vulnerability (CVE-2025-20074) Advisory

Key Information Intel ID: INTEL-SA-01286 Advisory Category: Software Impact of Vulnerability: Escalation of Privilege Severity Rating: High Original Release: 06/12/2023 Last Revision: 06/12/2023 Summary A potential security vulnerability in some Intel® Connectivity Performance Suite software installers may allow privilege escalation. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details CVE-ID: CVE-2025-20074 Description: Time-of-check Time-of-use race condition in some Intel® Connectivity Performance Suite software installers prior to version 40.24.11210 may allow an authenticated user to potentially achieve privilege escalation via local access. CVSS Base Score 3.1: 7.8 High CVSS Vector 3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Base Score 4.0: 7.3 High CVSS Vector 4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/V:C/I:H/A:H/SC:N/SI:N/SA:N Affected Products Intel® Connectivity Performance Suite software prior to Version 40.24.11210. Recommendation Intel recommends updating Intel® Connectivity Performance Suite software to version 40.24.11210 or later. Updates are available for download at: https://www.intel.com/content/www/us/en/download/738623 Acknowledgements Intel would like to thank Julian Horowitz (Golden Red Team) for reporting this issue.

Goal Reached Thanks to every supporter — we hit 100%!

Intel Connectivity Performance Suite Privilege Escalation Vulnerability (CVE-2025-20074) Advisory