Intel Network Adapter Driver Privilege Escalation (INTEL-SA-01293/CVE-2025-20104)

Critical Vulnerability Information Vulnerability Overview Intel ID: INTEL-SA-01293 Category: Software Impact: Privilege Escalation Severity: High Initial Release: May 13, 2025 Last Revised: May 13, 2025 Vulnerability Details CVE-2025-20104 - Description: In certain Intel® Network Adapter software management tools, versions prior to 29.4 may contain a privilege escalation vulnerability, allowing an authenticated user to potentially escalate privileges via local access. - CVSS Base Score: 7.8 (High) - CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2025-20108 - Description: In certain Intel® Network Adapter driver installers for Windows 11, versions prior to 29.4 may contain uncontrolled search path elements, allowing an authenticated user to potentially escalate privileges via local access. - CVSS Base Score: 5.7 (Medium) - CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products Intel® Network Adapter Driver for Microsoft Windows 11 (versions prior to 29.4) Administrative Tools for Intel® Network Adapters (versions prior to 29.4) Intel® Ethernet Adapter Complete Driver Pack (versions prior to 29.4) Recommended Actions Update Intel® Network Adapter Driver for Microsoft Windows 11 to version 29.4 or later. Update Administrative Tools for Intel® Network Adapters to version 29.4 or later. Update Intel® Ethernet Adapter Complete Driver Pack to version 29.4 or later. Acknowledgments Thank you to Aobo Wang of Chaitin Security Research Lab and @simOnsecurity for reporting these issues.

Goal Reached Thanks to every supporter — we hit 100%!

Intel Network Adapter Driver Privilege Escalation (INTEL-SA-01293/CVE-2025-20104)