Detections
Analytics
Intel HPC Toolkit Privilege Escalation Vulnerability (INTEL-SA-01386)
medium Nessus Plugin ID 277103
Language:
Synopsis
A software performance profiler application installed on the remote Windows host is affected by a privilege escalation vulnerability.Description
Intel® oneAPI HPC Toolkit is installed on the remote Windows host. It is, therefore, affected by an escalation of privilege vulnerability:- Uncontrolled search path for the Intel® oneAPI HPC Toolkit and 2025.2: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. (CVE-2025-35972)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Uninstall Intel Trace Analyzer and Collector.See Also
Plugin Details
Severity: Medium
ID: 277103
File Name: intel_hpc_toolkit_sa-01386.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 12/3/2025
Updated: 12/3/2025
Configuration: Enable thorough checks (optional)
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6
Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2025-35972
CVSS v3
Risk Factor: Medium
Base Score: 6.7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS v4
Risk Factor: Medium
Base Score: 5.4
Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vulnerability Information
CPE: cpe:/a:intel:oneapi_hpc_toolkit
Required KB Items: SMB/Registry/Enumerated, installed_sw/Intel HPC Toolkit
Patch Publication Date: 11/11/2025
Vulnerability Publication Date: 11/11/2025
Reference Information
CVE: CVE-2025-35972
IAVA: 2025-A-0862