CVE-2025-35971 is a vulnerability identified in Intel PROSet/Wireless WiFi Software for Windows prior to version 23.160. The flaw is an out-of-bounds write occurring within the device driver operating at Ring 2 privilege level, which is a core kernel mode level in Windows. This vulnerability can be triggered by an unprivileged, unauthenticated attacker who has adjacent network access—meaning the attacker must be on the same local network segment or have direct network proximity to the target device. The attack complexity is low, and no user interaction is required, making exploitation straightforward once the attacker has network adjacency. The out-of-bounds write can cause a denial of service by crashing or rebooting the affected system, severely impacting availability. The vulnerability does not compromise confidentiality and only minimally affects integrity, as it does not allow code execution or data manipulation beyond causing system instability. The CVSS 4.0 vector indicates no privileges required (PR:N), no user interaction (UI:N), and no scope change (S:U), with high impact on availability (VA:H) and low impact on integrity (VI:L). No special internal knowledge is needed, but the attacker must have adjacent access, which limits remote exploitation over the internet. No public exploits have been reported yet, but the vulnerability is classified as high severity and should be addressed promptly. Intel has reserved the CVE and published the vulnerability details, but no patch links are currently provided, indicating that affected users should monitor for updates and apply them as soon as they are released.

For European organizations, this vulnerability poses a significant risk to system availability, particularly in environments relying heavily on Intel wireless adapters and the PROSet/Wireless WiFi Software on Windows platforms. Critical sectors such as finance, healthcare, manufacturing, and government services could experience service disruptions if attackers exploit this flaw to cause system crashes or reboots. The requirement for adjacent network access means that attackers could exploit this vulnerability from within the same local network, which is a realistic threat in enterprise environments with many connected devices or in public WiFi scenarios. The low impact on confidentiality and integrity reduces the risk of data breaches or unauthorized data modification, but the high availability impact could lead to operational downtime, loss of productivity, and potential cascading effects on dependent systems. Since no authentication or user interaction is required, the attack surface is broad within local networks. The absence of known exploits in the wild currently lowers immediate risk but does not eliminate the threat, especially as attackers may develop exploits once patches are released. European organizations should consider this vulnerability critical to address to maintain operational continuity and network reliability.

1. Monitor Intel’s official channels for the release of version 23.160 or later of the PROSet/Wireless WiFi Software and apply updates immediately upon availability. 2. Implement network segmentation to restrict access to wireless network segments, limiting adjacent access to trusted devices only. 3. Employ network access control (NAC) solutions to enforce device authentication and reduce the risk of unauthorized devices gaining adjacent network access. 4. Use endpoint detection and response (EDR) tools to monitor for unusual system crashes or reboots that could indicate exploitation attempts. 5. Disable or restrict the use of vulnerable wireless drivers on critical systems until patches are applied, if feasible. 6. Educate IT staff about the vulnerability and ensure incident response plans include steps for handling potential DoS attacks targeting wireless drivers. 7. Regularly audit wireless network configurations and driver versions across the organization to identify and remediate vulnerable systems proactively. 8. Consider deploying intrusion detection systems (IDS) tuned to detect anomalous traffic patterns indicative of adjacent network attacks.