Vulnerability in Intel(r) Server Configuration Utility Software And Firmware Update

CVE-2025-24918

Improper link resolution before file access ('link following') for some Intel(R) Server Configuration Utility software and Intel(R) Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow…

EPSS: 0.001 (1.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

  • N/a Intel(r) Server Configuration Utility Software And Firmware Update — versions before version 16.0.12.

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-24918?
CVE-2025-24918 is a medium-severity vulnerability in Intel(r) Server Configuration Utility Software And Firmware Update, classified under Improper Link Resolution Before File Access. CVSS score: 6.7/10. Published 2025-11-11.
How severe is CVE-2025-24918?
Medium severity. CVSS v3 base score is 6.7 out of 10.