PT-2025-46399 · Intel · Intel(R) Server Firmware Update Utility+1
Published
2025-11-11
·
Updated
2025-11-11
·
CVE-2025-24918
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Intel(R) Server Configuration Utility software and Intel(R) Server Firmware Update Utility software versions prior to 16.0.12
Description
A flaw exists in link resolution before file access ('link following') within Ring 3: User Applications, potentially allowing an escalation of privilege. A local attacker with authenticated user access and a high complexity attack may exploit this issue. The potential impact includes confidentiality, integrity, and availability of the vulnerable system.
Recommendations
Update Intel(R) Server Configuration Utility and Intel(R) Server Firmware Update Utility to version 16.0.12 or later.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intel Server Configuration Utility
Intel(R) Server Firmware Update Utility