Detections
Analytics
Intel oneAPI Base Toolkit < 2025.1.0 Multiple Vulnerabilities
medium Nessus Plugin ID 250289
Language:
Synopsis
The remote Windows host contains a library that is affected by multiple vulnerabilities.Description
Multiple vulnerabilities exist in Intel oneAPI Base Toolkit versions prior to 2025.1.0. See vendor advisory for more details.- Incorrect default permissions for some Intel® oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-20087)
- Uncontrolled search path for some Intel® oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-20017)
- Uncontrolled search path for some Intel® oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-20627)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Intel oneAPI Base Toolkit 2025.1.0 or later.See Also
Plugin Details
Severity: Medium
ID: 250289
File Name: intel_oneapi_base_toolkit_2025_1_0.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 8/15/2025
Updated: 8/15/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6
Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2025-20087
CVSS v3
Risk Factor: Medium
Base Score: 6.7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS Score Source: CVE-2025-20087
Vulnerability Information
CPE: cpe:/a:intel:oneapi_base_toolkit
Required KB Items: installed_sw/oneAPI Base Toolkit
Patch Publication Date: 8/12/2025
Vulnerability Publication Date: 8/12/2025
Reference Information
CVE: CVE-2025-20017, CVE-2025-20087, CVE-2025-20627
IAVA: 2025-A-0588