CVE-2025-36511

Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01414.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Permisos predeterminados incorrectos para algunas herramientas Intel(R) Memory and Storage Tool anteriores a la versión 2.5.2 dentro del Anillo 3: Aplicaciones de Usuario pueden permitir una escalada de privilegios. Un adversario de software del sistema con un usuario autenticado combinado con un ataque de alta complejidad puede habilitar la escalada de privilegios. Este resultado puede ocurrir potencialmente a través de acceso local cuando los requisitos de ataque están presentes sin conocimiento interno especial y requiere interacción activa del usuario. La potencial vulnerabilidad puede impactar la confidencialidad (alta), integridad (alta) y disponibilidad (alta) del sistema vulnerable, lo que resulta en impactos posteriores en la confidencialidad (ninguna), integridad (ninguna) y disponibilidad (ninguna) del sistema.

10 Feb 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-10 17:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-36511

Mitre link : CVE-2025-36511

CVE.ORG link : CVE-2025-36511

JSON object : View

Products Affected

No product.

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2025-36511", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}], "cvssMetricV40": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-10T17:16:18.230", "references": [{"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01414.html", "source": "secure@intel.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."}, {"lang": "es", "value": "Permisos predeterminados incorrectos para algunas herramientas Intel(R) Memory and Storage Tool anteriores a la versi\u00f3n 2.5.2 dentro del Anillo 3: Aplicaciones de Usuario pueden permitir una escalada de privilegios. Un adversario de software del sistema con un usuario autenticado combinado con un ataque de alta complejidad puede habilitar la escalada de privilegios. Este resultado puede ocurrir potencialmente a trav\u00e9s de acceso local cuando los requisitos de ataque est\u00e1n presentes sin conocimiento interno especial y requiere interacci\u00f3n activa del usuario. La potencial vulnerabilidad puede impactar la confidencialidad (alta), integridad (alta) y disponibilidad (alta) del sistema vulnerable, lo que resulta en impactos posteriores en la confidencialidad (ninguna), integridad (ninguna) y disponibilidad (ninguna) del sistema."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "secure@intel.com"}