CVE-2025-20026: Denial of Service in Intel(R) PROSet/Wireless WiFi Software for Windows

Severity: High
Tags: Vulnerability, CVE-2025-20026
Published: Tue May 13 2025 (05/13/2025, 21:01:40 UTC)
Source: CVE
Vendor/Project: n/a
Product: Intel(R) PROSet/Wireless WiFi Software for Windows

Description

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

AI-Powered Analysis

Last updated: 07/06/2025, 15:56:31 UTC

Technical Analysis

CVE-2025-20026 is a high-severity vulnerability affecting Intel(R) PROSet/Wireless WiFi Software for Windows versions prior to 23.100. The issue is an out-of-bounds read vulnerability that can be triggered by an unauthenticated attacker via adjacent access, potentially leading to a denial of service (DoS) condition. An out-of-bounds read occurs when software reads data outside the boundaries of allocated memory, which can cause application crashes or system instability. In this case, the vulnerability allows an attacker to cause the affected wireless software to crash or become unresponsive, disrupting WiFi connectivity on the affected Windows systems.

The CVSS 4.0 base score is 7.0, indicating a high severity level. The attack vector is adjacent network (AV:A), meaning the attacker must be on the same local network segment or within wireless range to exploit the vulnerability. The attack complexity is high (AC:H), requiring specific conditions to be met, and no privileges or user interaction are required (PR:N, UI:N). The impact is primarily on availability (VA:H), with no impact on confidentiality or integrity. No known exploits are currently reported in the wild, and no patches or vendor advisories are linked yet.

Intel PROSet/Wireless WiFi Software is widely used in enterprise and consumer environments to manage Intel wireless adapters on Windows platforms, making this vulnerability relevant for many organizations relying on Intel wireless hardware. The vulnerability could be exploited by attackers in close proximity to disrupt wireless network connectivity, potentially impacting business operations and productivity.

Potential Impact

For European organizations, this vulnerability poses a significant risk to network availability, especially in environments heavily reliant on Intel wireless adapters managed by the PROSet software. Industries such as finance, healthcare, manufacturing, and government agencies that depend on stable wireless connectivity for critical operations could experience service disruptions. The denial of service could lead to loss of network access for employees, interruption of real-time communications, and potential cascading effects on other network-dependent systems. Since the attack requires adjacent network access, organizations with open or poorly segmented wireless networks are at higher risk. Additionally, public WiFi hotspots, corporate campuses, and shared office spaces in Europe could be targeted by attackers to cause localized wireless outages. Although no known exploits are currently active, the high severity and the fact that no authentication or user interaction is required make it a credible threat, even though the high attack complexity (AC:H) means specific conditions must be met. The impact is primarily on availability rather than data confidentiality or integrity, but availability disruptions can still cause significant operational and reputational damage.

Mitigation Recommendations

European organizations should prioritize updating Intel PROSet/Wireless WiFi Software to version 23.100 or later once patches become available from Intel. Until patches are released, organizations should implement network segmentation to isolate wireless management traffic and restrict access to trusted devices only. Employing strong wireless security protocols (WPA3) and disabling unnecessary wireless services can reduce the attack surface. Monitoring wireless network traffic for unusual patterns or repeated connection drops may help detect attempted exploitation. Organizations should also educate IT staff to recognize symptoms of this DoS attack and have contingency plans to switch to wired connections or alternative wireless hardware if disruptions occur. Additionally, limiting physical access to wireless networks and using network access control (NAC) solutions can help prevent unauthorized devices from exploiting this vulnerability. Regular vulnerability scanning and asset inventory to identify affected systems will aid in timely remediation.
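The asset-inventory step above depends on comparing installed versions against 23.100 correctly; a plain string comparison ranks "23.20" above "23.100" and would miss affected hosts. The following is an added example, not part of the original page or any Intel tooling: the CSV column names, hostnames and version values are constructed, and it assumes the inventory records the PROSet package version.

```python
import csv
import io

FIXED_VERSION = "23.100"  # first non-affected version per the advisory text


def parse_version(text):
    """Turn '23.100.0.4' into (23, 100, 0, 4); raise ValueError on junk."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(installed, fixed=FIXED_VERSION):
    """True when installed < fixed, comparing numeric components."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    # Pad with zeros so 23.100 and 23.100.0 compare as equal.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def triage(inventory_csv):
    """Return {host: 'affected' | 'ok' | 'unknown'} for PROSet rows."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "PROSet/Wireless" not in row["product"]:
            continue
        try:
            status = "affected" if is_affected(row["version"]) else "ok"
        except ValueError:
            status = "unknown"  # needs a manual check; never assume patched
        result[row["host"]] = status
    return result


# Constructed sample inventory export (hosts and columns are assumptions).
SAMPLE = """host,product,version
ws-001,Intel(R) PROSet/Wireless WiFi Software,23.20.0.4
ws-002,Intel(R) PROSet/Wireless WiFi Software,23.100
ws-003,Intel(R) PROSet/Wireless WiFi Software,22.250.1
ws-004,Intel(R) PROSet/Wireless WiFi Software,
ws-005,Some Other Driver Package,1.0
ws-006,Intel(R) PROSet/Wireless WiFi Software,23.100.0.4
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Hosts reported as `unknown` have a missing or malformed version field and should be checked by hand rather than counted as remediated.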

Technical Details

Data Version: 5.1
Assigner Short Name: intel
Date Reserved: 2024-10-13T03:00:13.130Z
Cisa Enriched: true
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aeca76

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 3:56:31 PM

Last updated: 8/14/2025, 12:25:44 PM
