Sign-up

ID

VAR-202602-0957


CVE

CVE-2025-27243


TITLE

Intel's Intel Ethernet Controller Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-007690

DESCRIPTION

Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-27243 // JVNDB: JVNDB-2026-007690

AFFECTED PRODUCTS

vendor:intelmodel:ethernet controllerscope:ltversion:30.3

Trust: 1.0

vendor:インテルmodel:intel ethernet controllerscope:eqversion:30.3

Trust: 0.8

vendor:インテルmodel:intel ethernet controllerscope:eqversion: -

Trust: 0.8

vendor:インテルmodel:intel ethernet controllerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-007690 // NVD: CVE-2025-27243

CVSS

SEVERITY

CVSSV2

CVSSV3

secure@intel.com: CVE-2025-27243
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-27243
value: MEDIUM

Trust: 1.0

NVD: CVE-2025-27243
value: MEDIUM

Trust: 0.8

secure@intel.com: CVE-2025-27243
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 4.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-27243
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-27243
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-007690 // NVD: CVE-2025-27243 // NVD: CVE-2025-27243

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-007690 // NVD: CVE-2025-27243

PATCH

title:INTEL-SA-01171url:https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html

Trust: 0.8

sources: JVNDB: JVNDB-2026-007690

EXTERNAL IDS

db:NVDid:CVE-2025-27243

Trust: 2.6

db:JVNDBid:JVNDB-2026-007690

Trust: 0.8

sources: JVNDB: JVNDB-2026-007690 // NVD: CVE-2025-27243

REFERENCES

url:https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-27243

Trust: 0.8

sources: JVNDB: JVNDB-2026-007690 // NVD: CVE-2025-27243

SOURCES

db:JVNDBid:JVNDB-2026-007690
db:NVDid:CVE-2025-27243

LAST UPDATE DATE

2026-03-19T23:44:03.125000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-007690date:2026-03-18T04:29:00
db:NVDid:CVE-2025-27243date:2026-03-17T15:44:31.833

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-007690date:2026-03-18T00:00:00
db:NVDid:CVE-2025-27243date:2026-02-10T17:16:14.183