CVE-2025-24921 is a medium-severity information disclosure vulnerability affecting the Edge Orchestrator software running on the Intel® Tiber™ Edge Platform, specifically versions before 24.11.1. The vulnerability arises from improper neutralization of inputs or data handling within the software, which can be exploited by an unauthenticated attacker with adjacent access to the system. Adjacent access typically means the attacker must be on the same local network segment or have some form of network proximity to the target device. The flaw allows the attacker to potentially gain unauthorized access to sensitive information managed or processed by the Edge Orchestrator software. The vulnerability does not require privileges or authentication, but does require some user interaction, as indicated by the CVSS vector (UI:P). The impact is limited to confidentiality, with no direct impact on integrity or availability. The vulnerability is not currently known to be exploited in the wild, and no public exploits have been reported. Intel has reserved the CVE and published it with a CVSS 4.0 score of 6.9, reflecting a medium severity level. The Edge Orchestrator software is a key component in managing edge computing resources on the Intel Tiber platform, which is used in industrial, telecommunications, and enterprise edge deployments. This vulnerability could allow attackers to glean sensitive operational or configuration data, potentially aiding further attacks or reconnaissance activities.

For European organizations, the impact of this vulnerability depends on their deployment of Intel Tiber Edge Platforms running the affected Edge Orchestrator software versions. Organizations in sectors such as manufacturing, telecommunications, smart cities, and critical infrastructure that utilize edge computing for real-time data processing and operational control could be at risk. Information disclosure could expose sensitive operational data, network configurations, or credentials that may facilitate lateral movement or targeted attacks. While the vulnerability does not directly compromise system integrity or availability, the leakage of confidential information could undermine trust, violate data protection regulations such as GDPR, and lead to compliance penalties. Additionally, attackers could leverage disclosed information to craft more sophisticated attacks, increasing the overall risk posture. Given the increasing adoption of edge computing in Europe, especially in industrial IoT and telecom sectors, this vulnerability could have a moderate operational and reputational impact if exploited.

To mitigate this vulnerability, European organizations should: 1) Immediately identify all Intel Tiber Edge Platform deployments running Edge Orchestrator software versions prior to 24.11.1. 2) Apply the official software update or patch from Intel as soon as it becomes available to remediate the vulnerability. 3) Restrict network access to Edge Orchestrator management interfaces by implementing network segmentation and access control lists to limit adjacent network exposure. 4) Employ strong monitoring and anomaly detection on edge network segments to detect unusual access patterns or data exfiltration attempts. 5) Use encryption and secure communication protocols for management traffic to reduce the risk of data interception. 6) Conduct regular security audits and vulnerability assessments on edge computing infrastructure to identify and remediate potential weaknesses proactively. 7) Educate operational technology (OT) and IT staff about the risks of adjacent network access and enforce strict physical and logical access controls to edge devices.