CVE-2025-24491 is a vulnerability in Intel(R) Killer(TM) Performance Suite software prior to version 4.0 40.25.509.1465, caused by an uncontrolled search path in user-mode applications (Ring 3). This flaw allows an attacker with local access and low privileges, who is authenticated on the system, to escalate their privileges by exploiting the way the software loads or searches for resources or DLLs. The vulnerability requires a high complexity attack and active user interaction, indicating that the attacker must trick the user into performing some action or executing malicious code. The uncontrolled search path can lead to loading malicious components instead of legitimate ones, enabling privilege escalation. The CVSS 4.0 base score is 5.4 (medium), reflecting the local attack vector, high attack complexity, required privileges, and user interaction. The vulnerability impacts confidentiality, integrity, and availability at a high level if successfully exploited, potentially allowing attackers to gain elevated rights and control over the system. No special internal knowledge is required beyond local access and authentication, but the attack is not trivial. No known exploits have been reported in the wild as of the publication date. The vulnerability affects all versions of Intel Killer Performance Suite before 4.0 40.25.509.1465, which is software commonly installed on gaming and high-performance network devices, primarily on Windows platforms.

If exploited, this vulnerability could allow an attacker with local, authenticated access to escalate their privileges, potentially gaining administrative or SYSTEM-level rights. This elevated access could lead to unauthorized access to sensitive data (confidentiality impact), unauthorized modification or deletion of system files and configurations (integrity impact), and disruption or denial of service of network performance features (availability impact). Organizations relying on Intel Killer Performance Suite for network optimization, especially in gaming or performance-critical environments, could see compromised system security and stability. The requirement for local access and user interaction limits remote exploitation but insider threats or malware operating with user privileges could leverage this vulnerability. The medium severity and complexity suggest targeted attacks rather than widespread automated exploitation. However, successful exploitation could facilitate further lateral movement or persistence within affected environments.

1. Upgrade Intel(R) Killer(TM) Performance Suite software to version 4.0 40.25.509.1465 or later, where this vulnerability is fixed. 2. Restrict local user permissions to the minimum necessary to reduce the risk of privilege escalation. 3. Educate users to avoid executing unknown or suspicious files and to be cautious with prompts requiring interaction. 4. Employ application whitelisting to prevent unauthorized or malicious executables from running. 5. Monitor systems for unusual privilege escalation attempts or anomalous behavior related to the Killer Performance Suite processes. 6. Use endpoint detection and response (EDR) tools to detect and block exploitation attempts. 7. Limit local access to trusted personnel and enforce strong authentication controls to reduce the risk of malicious insiders exploiting this vulnerability. 8. Regularly audit installed software versions and patch promptly to reduce exposure windows.