CVE-2025-27710

11.11.2025, 17:15

Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow an information disclosure. System software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
intel	CNA	6.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-822 - Untrusted Pointer Dereference
The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01373.html