External Control of File Name or Path

CVE-2025-20614

Medium

5.6/10

Summary

External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-73 - External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

References

Advisory Timeline

Published Nov 11, 2025

External Control of File Name or Path

CVE-2025-20614

Summary

CWE-73 - External Control of File Name or Path

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS