CVE-2025-36511 is a vulnerability identified in Intel(R) Memory and Storage Tool versions before 2.5.2, involving incorrect default permissions assigned to certain user applications operating in Ring 3 (user mode). This misconfiguration allows a local authenticated user with limited privileges (low privilege) to escalate their privileges under conditions that require high attack complexity and active user interaction. The vulnerability does not require special internal knowledge, making it accessible to attackers with legitimate local access. The flaw primarily affects the confidentiality, integrity, and availability of the vulnerable system components managed by the Intel tool, potentially enabling unauthorized access or modification of memory and storage configurations. The CVSS 4.0 score is 5.4 (medium severity), reflecting local attack vector (AV:L), high attack complexity (AC:H), partial privileges required (PR:L), and user interaction (UI:A). The vulnerability does not affect system-wide confidentiality, integrity, or availability directly but could lead to further compromise if exploited. No public exploits have been reported, and the vulnerability was published on February 10, 2026. The Intel Memory and Storage Tool is widely used for managing Intel SSDs and storage devices, especially in enterprise and data center environments, making this vulnerability relevant for organizations relying on Intel storage solutions.

For European organizations, this vulnerability poses a risk primarily in environments where Intel Memory and Storage Tool is deployed to manage storage devices. Successful exploitation could allow a local authenticated user to gain elevated privileges, potentially leading to unauthorized access to sensitive data, modification of storage configurations, or disruption of storage services. This could impact confidentiality, integrity, and availability of critical data and systems, especially in sectors such as finance, healthcare, government, and critical infrastructure. Although exploitation requires local access and user interaction, insider threats or compromised user accounts could leverage this vulnerability to escalate privileges and move laterally within networks. The medium severity rating suggests a moderate risk, but the potential for chained attacks or further exploitation increases the threat level. Organizations with strict access controls and monitoring may reduce risk, but those with less mature endpoint security could be more vulnerable.

1. Immediately update Intel Memory and Storage Tool to version 2.5.2 or later, where the incorrect default permissions issue is resolved. 2. Restrict local user permissions on systems running the Intel tool to minimize the number of users with authenticated local access. 3. Implement strict endpoint security controls, including application whitelisting and privilege management, to prevent unauthorized execution of potentially malicious code. 4. Monitor local user activities and audit logs for unusual privilege escalation attempts or suspicious interactions with storage management tools. 5. Educate users about the risks of interacting with untrusted applications or executing unknown code, as user interaction is required for exploitation. 6. Employ network segmentation to limit lateral movement opportunities if a local compromise occurs. 7. Regularly review and harden default permissions on critical management tools and storage devices to prevent similar vulnerabilities.