CVE-2025-27246: Escalation of Privilege in Intel(R) Processor Identification Utility
Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
AI Analysis
Technical Summary
CVE-2025-27246 is an escalation of privilege vulnerability found in Intel(R) Processor Identification Utility versions prior to 8.0.43. The root cause is incorrect default permissions assigned to the utility when operating in Ring 3 (user application level), which can be exploited by a local authenticated user. The attacker must have low privileges and perform a high complexity attack that involves active user interaction, such as executing malicious code or manipulating the utility's processes. This vulnerability allows the attacker to escalate privileges locally, potentially gaining higher system rights than initially permitted. The vulnerability affects confidentiality, integrity, and availability within the scope of the vulnerable system, but does not propagate beyond it. The CVSS 4.0 base score is 5.4, reflecting medium severity, with attack vector local, high attack complexity, low privileges required, and user interaction necessary. No special internal knowledge is required, but exploitation is non-trivial. No known exploits have been observed in the wild, and the vulnerability was published on November 11, 2025. The utility is primarily used on systems with Intel processors, and the flaw is mitigated by updating to version 8.0.43 or later where permissions are corrected.
Potential Impact
The vulnerability allows an authenticated local user with low privileges to escalate their privileges on affected systems, potentially leading to unauthorized access to sensitive data, modification of system configurations, or disruption of system availability. The impact is confined to the local system and does not extend to remote exploitation. Confidentiality, integrity, and availability are all rated high within the vulnerable system context, meaning an attacker could fully compromise the system's security posture if successful. This could lead to unauthorized disclosure of sensitive information, unauthorized changes to system files or settings, and denial of service conditions. However, the requirement for local access, authentication, and high complexity attack reduces the likelihood of widespread exploitation. Organizations relying on Intel Processor Identification Utility in environments where users have local access are at risk, especially if they run outdated versions. The absence of known exploits in the wild suggests limited active threat but does not eliminate future risk.
Mitigation Recommendations
1. Immediately update the Intel(R) Processor Identification Utility to version 8.0.43 or later, where the permission issues are resolved.
2. Restrict local user access to systems running the utility, especially limiting administrative or privileged access to trusted personnel only.
3. Implement strict file system permission policies to ensure that the utility and its related files are not writable or modifiable by low-privilege users.
4. Employ endpoint detection and response (EDR) solutions to monitor for unusual local privilege escalation attempts or suspicious activity involving the utility.
5. Educate users about the risks of executing untrusted code or interacting with suspicious prompts to reduce the risk of active user interaction exploitation.
6. Regularly audit installed software versions and permissions on critical systems to detect outdated or misconfigured utilities.
7. Consider application whitelisting to prevent unauthorized execution of modified or malicious versions of the utility.
8. Maintain up-to-date system patches and security configurations to reduce the attack surface for local privilege escalation.
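Recommendations 3 and 6 expressed as a check, added here as an example (not code from the advisory or from Intel): it compares a reported version string against 8.0.43 and parses `icacls` output for write-type access granted to broad, low-privilege principals. The page does not give the utility's install path, so the sample path and ACL lines are constructed placeholders, and the principal names assume an English-locale Windows.

```python
import re

FIXED_VERSION = (8, 0, 43)  # first fixed release named in the advisory
# Assumption: English-locale names of broad, low-privilege principals.
LOW_PRIV = ("everyone", "builtin\\users", "nt authority\\interactive",
            "nt authority\\authenticated users")
# icacls rights that allow changing or replacing a file: full, modify, write,
# delete, write/append data, delete child, change DACL/owner, generic write/all.
WRITE_RIGHTS = {"F", "M", "W", "D", "WD", "AD", "DC", "WDAC", "WO", "GW", "GA"}
ACE_TAIL = re.compile(r":((?:\([^)]*\))+)\s*$")

def is_outdated(version):
    """True when a dotted version string is older than FIXED_VERSION."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums))) < FIXED_VERSION

def writable_aces(icacls_output):
    """Return (principal, rights) for allow ACEs that give a low-privilege
    principal write-type access, in the order icacls printed them."""
    findings = []
    for line in icacls_output.splitlines():
        m = ACE_TAIL.search(line)
        if not m:
            continue  # blank line or the "Successfully processed" trailer
        # The first line is "<path> <principal>:(..)"; later lines are just the ACE.
        prefix = line[:m.start()].strip().lower()
        who = next((p for p in LOW_PRIV
                    if prefix == p or prefix.endswith(" " + p)), None)
        tokens = {t.strip() for group in re.findall(r"\(([^)]*)\)", m.group(1))
                  for t in group.split(",")}
        rights = sorted(tokens & WRITE_RIGHTS)
        if who and rights and "DENY" not in tokens:
            findings.append((who, rights))
    return findings

# Constructed sample: placeholder path and ACL, not taken from a real install.
SAMPLE = r"""C:\PLACEHOLDER\example.exe NT AUTHORITY\SYSTEM:(I)(F)
                           BUILTIN\Administrators:(I)(F)
                           BUILTIN\Users:(I)(RX,W)
                           NT AUTHORITY\Authenticated Users:(I)(M)
                           Everyone:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    print("outdated:", is_outdated("8.0.42"))
    for who, rights in writable_aces(SAMPLE):
        print("writable by", who, rights)
```

Versions are compared numerically, so `8.0.5` is correctly treated as older than `8.0.43`, which a plain string comparison would get wrong.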
Affected Countries
United States, Germany, Japan, South Korea, China, United Kingdom, France, Canada, India, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: intel
- Date Reserved: 2025-03-11T03:00:20.635Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69136b7012d2ca32afccdb21
Added to database: 11/11/2025, 4:59:28 PM
Last enriched: 2/27/2026, 4:58:16 AM
Last updated: 3/25/2026, 1:39:55 AM