Detections
Analytics

Intel oneAPI Base Toolkit < 2025.1.0 Multiple Vulnerabilities

medium Nessus Plugin ID 250289

Language:

Synopsis

The remote Windows host contains a library that is affected by multiple vulnerabilities.

Description

Multiple vulnerabilities exist in Intel oneAPI Base Toolkit versions prior to 2025.1.0. See vendor advisory for more details.

- Uncontrolled search path for the Instrumentation and Tracing Technology API (ITT API) software before version 3.25.4 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. (CVE-2025-31931)

 - Incorrect default permissions for some Intel® oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-20087)

 - Uncontrolled search path for some Intel® oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-20017)

 - Uncontrolled search path for some Intel® oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-20627)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Intel oneAPI Base Toolkit 2025.1.0 or later.

See Also

http://www.nessus.org/u?ddd56443

http://www.nessus.org/u?c187672a

http://www.nessus.org/u?c1858d4a

Plugin Details

Severity: Medium

ID: 250289

File Name: intel_oneapi_base_toolkit_2025_1_0.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 8/15/2025

Updated: 12/3/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-31931

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2025-31931

Vulnerability Information

CPE: cpe:/a:intel:oneapi_base_toolkit

Required KB Items: installed_sw/oneAPI Base Toolkit

Patch Publication Date: 8/12/2025

Vulnerability Publication Date: 8/12/2025

Reference Information

CVE: CVE-2025-20017, CVE-2025-20056, CVE-2025-20087, CVE-2025-20627, CVE-2025-31931

IAVA: 2025-A-0588, 2025-A-0862