Detections
Analytics
Intel Killer Software < 40.25.509.1465 Escalation of Privilege (INTEL-SA-01377)
medium Nessus Plugin ID 297126
Synopsis
The remote host has a software suite installed that is affected by an escalation of privilege vulnerability.Description
The version of Intel Killer Software installed on the remote host is prior to 40.25.509.1465. It is, therefore, affected by an escalation of privilege vulnerability as referenced in the INTEL-SA-01377 advisory.- An uncontrolled search path vulnerability exists in some Intel Killer Performance Suite software. An unprivileged local attacker could exploit this by placing a malicious file in a specific search path, potentially allowing them to execute arbitrary code with elevated privileges. This vulnerability requires active user interaction and a high-complexity attack. This affects Intel Killer Software versions prior to 40.25.509.1465. (CVE-2025-24491)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Intel Killer Software version 40.25.509.1465 or later.See Also
Plugin Details
Severity: Medium
ID: 297126
File Name: intel_killer_performance_suite_CVE-2025-24491.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 1/29/2026
Updated: 1/29/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v3
Risk Factor: Medium
Base Score: 6.7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVSS v4
Risk Factor: Medium
Base Score: 5.4
Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vulnerability Information
CPE: cpe:/a:intel:killer_performance_suite
Required KB Items: installed_sw/Intel Killer Performance Suite, SMB/Registry/Enumerated
Exploit Ease: No known exploits are available
Patch Publication Date: 11/11/2025
Vulnerability Publication Date: 11/11/2025
Reference Information
CVE: CVE-2025-24491
CWE: 427
IAVA: 2025-A-0835