CVE-2025-27535

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27535
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:intel:ethernet_controller:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:ethernet_connection_e825-c:-:*:*:*:*:*:*:*
History

17 Mar 2026, 15:45

Type Values Removed Values Added
CPE cpe:2.3:a:intel:ethernet_controller:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:ethernet_connection_e825-c:-:*:*:*:*:*:*:*
References () https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html - () https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html - Vendor Advisory
Summary
  • (es) Ioctl expuesto con control de acceso insuficiente en el firmware para algunas Intel(R) Ethernet Connection E825-C. antes de la versión NVM ver. 3.84 dentro del Anillo 0: Un SO Bare Metal puede permitir una denegación de servicio. Un adversario de software del sistema con un usuario privilegiado combinado con un ataque de alta complejidad puede habilitar la denegación de servicio. Este resultado puede ocurrir potencialmente a través de acceso local cuando los requisitos de ataque están presentes sin conocimiento interno especial y no requiere interacción del usuario. La vulnerabilidad potencial puede impactar la confidencialidad (ninguna), integridad (ninguna) y disponibilidad (alta) del sistema vulnerable, resultando en impactos subsiguientes en la confidencialidad (ninguna), integridad (ninguna) y disponibilidad (ninguna) del sistema.
First Time Intel ethernet Controller
Intel ethernet Connection E825-c
Intel

10 Feb 2026, 17:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-10 17:16

Updated : 2026-03-17 15:45

NVD link : CVE-2025-27535

Mitre link : CVE-2025-27535

CVE.ORG link : CVE-2025-27535

JSON object : View

Products Affected

intel

  • ethernet_connection_e825-c
  • ethernet_controller
CWE
CWE-782

Exposed IOCTL with Insufficient Access Control