CVE-2025-35967 is a vulnerability identified in Intel PROSet/Wireless WiFi Software for Windows, specifically affecting versions before 23.160. The flaw is an out-of-bounds read occurring within the device driver layer (Ring 2), which can be triggered by an unauthenticated, unprivileged attacker with adjacent network access. This means an attacker located on the same local network segment can exploit the vulnerability without requiring user interaction or special internal knowledge. The attack complexity is low, making exploitation feasible with minimal effort. The vulnerability leads to a denial of service (DoS) condition by causing the affected system to become unavailable, impacting the availability of the wireless networking functionality and potentially the entire system if critical network services depend on it. The vulnerability does not compromise confidentiality or integrity, as it does not allow data leakage or unauthorized modification. The CVSS 4.0 score of 7 reflects a high severity, driven by the ease of exploitation, lack of required privileges, and the significant impact on availability. No known exploits have been reported in the wild as of the publication date, but the potential for disruption in environments relying on Intel wireless drivers is significant. The vulnerability is particularly relevant for enterprise and critical infrastructure environments where wireless connectivity is essential for operations.

For European organizations, the primary impact is the potential for denial of service on systems using vulnerable Intel PROSet/Wireless WiFi drivers. This can disrupt wireless network connectivity, affecting business continuity, especially in environments relying heavily on wireless access for critical operations such as healthcare, finance, manufacturing, and public services. The unavailability of wireless services could lead to operational downtime, loss of productivity, and increased support costs. Since the vulnerability does not affect confidentiality or integrity, data breaches or unauthorized data manipulation are not direct concerns. However, the disruption of availability can indirectly affect service delivery and compliance with regulations requiring continuous service availability. Organizations with large deployments of Windows devices using Intel wireless hardware are at higher risk. The lack of required authentication and user interaction means that attackers can exploit this vulnerability remotely from the same network segment, increasing the threat surface in shared or public wireless environments.

The most effective mitigation is to update Intel PROSet/Wireless WiFi Software to version 23.160 or later, where the vulnerability is addressed. Organizations should prioritize patch management for all affected systems, especially those in critical roles. In environments where immediate patching is not feasible, network segmentation should be implemented to restrict adjacent network access to vulnerable devices, limiting exposure to potential attackers. Employing network access controls such as VLANs, NAC solutions, or firewall rules can help isolate vulnerable wireless clients. Monitoring network traffic for unusual activity around wireless interfaces may provide early detection of exploitation attempts. Additionally, educating IT staff about the vulnerability and ensuring that endpoint security solutions are up to date can help mitigate risk. Regular audits of wireless driver versions across the enterprise will aid in identifying unpatched systems. Finally, organizations should maintain an incident response plan to quickly address any denial of service events related to this vulnerability.