CVE-2025-22849: Escalation of Privilege in Intel(R) Optane(TM) PMem management software
Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
AI Analysis
Technical Summary
CVE-2025-22849 is an escalation of privilege vulnerability in Intel Optane Persistent Memory (PMem) management software prior to versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, and CR_MGMT_03.00.00.0538. The root cause is incorrect default permissions set within the software operating in Ring 3 (user space), which allows an unprivileged but authenticated local user to escalate their privileges. Exploitation requires local access and active user interaction and has high attack complexity, but does not require special internal knowledge. The confidentiality, integrity, and availability impacts on the vulnerable system are all rated high, meaning an attacker could potentially gain unauthorized access to sensitive data, modify system state, or disrupt system operations within the local environment. However, the impact does not extend beyond the local system to other systems or networks. The CVSS 4.0 base score is 5.4, reflecting medium severity, with attack vector local, attack complexity high, privileges required low, and user interaction required. No known exploits are currently reported in the wild. This vulnerability primarily affects environments using Intel Optane PMem management software, which is commonly deployed in enterprise and data center environments to manage persistent memory modules that enhance storage and memory performance.
Potential Impact
For European organizations, the vulnerability poses a risk primarily to systems utilizing Intel Optane Persistent Memory technology, which is prevalent in high-performance computing, data centers, and enterprise servers. Successful exploitation could allow an attacker with local authenticated access to escalate privileges, potentially leading to unauthorized access to sensitive data, modification of critical system configurations, or disruption of system availability. This could impact confidentiality, integrity, and availability of critical systems, especially in sectors such as finance, telecommunications, research institutions, and government agencies that rely on Intel Optane PMem for performance optimization. While the attack requires local access and user interaction, insider threats or compromised user accounts could leverage this vulnerability to gain elevated privileges. The medium severity rating indicates a moderate risk, but the potential for high impact on critical systems necessitates proactive mitigation. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.
Mitigation Recommendations
1. Apply official patches from Intel as soon as they become available for the affected Optane PMem management software versions.
2. Restrict local user permissions rigorously to minimize the number of users with authenticated local access to systems running the vulnerable software.
3. Implement strict access controls and monitoring on systems with Intel Optane PMem to detect unusual privilege escalation attempts or suspicious user activities.
4. Use endpoint detection and response (EDR) solutions to identify and respond to potential exploitation attempts in real time.
5. Conduct regular audits of user permissions and software configurations to ensure default permissions are not overly permissive.
6. Educate users about the risks of interacting with untrusted software or executing unknown commands that could facilitate exploitation.
7. Employ network segmentation to limit lateral movement from compromised local accounts.
8. Maintain up-to-date inventories of hardware and software to quickly identify systems running vulnerable versions.
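As an added example (not from Intel or from this page's source), the sketch below supports recommendation 8 by triaging an inventory against the three fixed versions named in the description. It assumes version strings have four dotted numeric fields with an optional `CR_MGMT_` prefix and that the first field identifies the release branch; the host names and sample inventory are constructed.

```python
import re

# Fixed builds from the advisory text, keyed by release branch.
# Assumption: the first version field identifies the branch.
FIXED_BUILDS = {
    "01": (1, 0, 0, 3584),
    "02": (2, 0, 0, 4052),
    "03": (3, 0, 0, 538),
}

# Assumed format: optional CR_MGMT_ prefix, then four dotted numeric fields.
_VERSION_RE = re.compile(r"^(?:CR_MGMT_)?(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if it does not parse."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'vulnerable', 'fixed', or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # malformed entry: needs manual review
    fixed = FIXED_BUILDS.get(f"{version[0]:02d}")
    if fixed is None:
        return "unknown"  # branch not named in the advisory
    return "vulnerable" if version < fixed else "fixed"


def triage(inventory):
    """Group (host, version) pairs by status; hosts are sorted per group."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("db-01", "CR_MGMT_01.00.00.3500"),
    ("db-02", "02.00.00.4052"),
    ("hpc-07", "03.00.00.0537"),
    ("hpc-08", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Entries reported as `unknown` (unparseable strings or branches the advisory does not name) are left for manual review instead of being assumed fixed.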
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: intel
- Date Reserved: 2025-01-30T04:00:32.281Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 698b5d5c4b57a58fa119cf0a
Added to database: 2/10/2026, 4:31:24 PM
Last enriched: 2/18/2026, 9:53:28 AM
Last updated: 2/21/2026, 12:20:55 AM