CVE-2025-22895

Vulnerability

Overview

CVE-2025-22895 is a medium-severity information disclosure vulnerability affecting Edge Orchestrator software for Intel(R) Tiber™ Edge Platform. The root cause is a flaw that exposes sensitive information to an unauthorized actor, allowing an authenticated user to potentially enable information disclosure via local access [1]. The vulnerability has a CVSS v3 base score of 5.5, reflecting a moderate risk from local exploitation [1].

Exploitation

Prerequisites

To exploit this vulnerability, an attacker must first have valid authentication to the affected system. The attack vector is local access, meaning the attacker needs physical or interactive local access to the machine running the vulnerable Edge Orchestrator software [1]. No network-based exploitation is described, and no special privileges beyond standard user authentication are explicitly required by the advisory.

Impact

If successfully exploited, an authenticated local attacker could gain access to sensitive information that should otherwise be protected. The disclosure could include configuration data, credentials, or other secrets managed by the Edge Orchestrator, potentially leading to further compromise of the Tiber Edge Platform deployment.

Mitigation and

Status

Intel has released a security advisory (INTEL-SA-01239) with mitigations and fixed software versions [1]. Users and administrators are advised to apply the recommended update or follow the guidance provided in the advisory. No evidence of active exploitation in the wild has been reported as of the publication date.