CVE-2025-27537
Description
Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper input validation in Intel Edge Orchestrator before 24.11.1 allows authenticated users to escalate privileges via adjacent access.
Vulnerability Overview
CVE-2025-27537 is an improper input validation vulnerability in Intel Edge Orchestrator software for the Intel Tiber Edge Platform, affecting versions prior to 24.11.1. The root cause is insufficient validation of user-supplied input, which can be leveraged by an authenticated user to trigger an escalation of privilege. This flaw resides in the orchestration layer that manages edge devices and configurations.
Exploitation Conditions
Exploitation requires an authenticated user with adjacent network access, meaning the attacker must be on the same local network segment as the affected Edge Orchestrator instance. No additional authentication bypass or special privileges are needed beyond a valid user account. The attack vector is adjacent, limiting the attack surface to local network environments.
Impact
Successful exploitation could allow an attacker to gain elevated privileges within the Edge Orchestrator software, potentially leading to unauthorized control over orchestrated edge devices, configuration changes, or access to sensitive data. The CVSS v3 base score of 5.5 (Medium) reflects the need for authentication and adjacent access, but the privilege escalation could have significant operational consequences.
Mitigation
Intel has addressed this vulnerability in Edge Orchestrator version 24.11.1. Users are advised to update to this or later versions. No workarounds are documented. The official advisory (INTEL-SA-01317) provides further details and links to the update [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <24.11.1
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.