CVE-2025-35967 in PROSet
Summary
by MITRE • 11/11/2025
Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 11/11/2025
This vulnerability affects Intel PROSet/Wireless WiFi Software for Windows versions prior to 23.160 and represents a critical out-of-bounds read condition within the device driver component operating in Ring 2 privileges. The flaw exists in the wireless network driver implementation that handles WiFi communication protocols and configuration management. Attackers can exploit this vulnerability through adjacent network access without requiring authentication or user interaction, making it particularly dangerous in environments where unauthorized access to wireless networks is possible. The vulnerability operates at the kernel level within device drivers, which means it can potentially escalate privileges or cause system instability when triggered. This type of flaw falls under CWE-129, which specifically addresses out-of-bounds read conditions in software implementations.
The technical exploitation of this vulnerability occurs when the wireless driver processes malformed or unexpected input data from network communications or configuration parameters. The out-of-bounds read allows an attacker to access memory locations outside the intended buffer boundaries, potentially causing system crashes or allowing for information disclosure. Since the vulnerability operates within Ring 2 device drivers, it can directly manipulate system resources and potentially bypass standard security mechanisms that operate at higher privilege levels. This type of attack vector aligns with ATT&CK technique T1068 which covers local privilege escalation through kernel exploits, though in this case the impact is primarily denial of service rather than privilege escalation. The attack complexity is rated as low since it requires minimal technical expertise and can be executed remotely through adjacent network access.
The operational impact of this vulnerability manifests as a denial of service condition that can render wireless network functionality completely inoperative on affected systems. When triggered, the vulnerable driver component crashes or becomes unresponsive, preventing legitimate wireless network connections and potentially causing system instability. The availability impact is rated as high since network connectivity is completely disrupted, affecting both enterprise and consumer devices that rely on Intel's wireless networking stack. While the vulnerability does not directly impact confidentiality or integrity according to the description, the system-wide denial of service can create cascading effects throughout network infrastructure and business operations. Organizations running affected versions of Intel PROSet/Wireless software may experience complete wireless network outages, requiring manual intervention to restore functionality and potentially causing productivity losses.
Mitigation strategies for this vulnerability should focus on immediate software updates to version 23.160 or later, which contain patches addressing the out-of-bounds read condition. System administrators should implement comprehensive patch management procedures to ensure all affected devices receive updates promptly. Network segmentation and access controls should be strengthened to limit adjacent network access where possible, reducing the attack surface for this vulnerability. Monitoring solutions should be deployed to detect unusual network traffic patterns or system crashes that might indicate exploitation attempts. Additional defensive measures include implementing endpoint detection and response tools that can identify anomalous driver behavior and potential exploitation attempts. Organizations should also consider disabling wireless networking capabilities on systems where they are not required, reducing the attack surface for this and similar vulnerabilities. The vulnerability demonstrates the importance of maintaining current device driver versions and implementing robust security monitoring for kernel-level components.