CVE-2025-27707

Vulnerability

Overview

The vulnerability resides in Edge Orchestrator software for the Intel(R) Tiber(TM) Edge Platform, affecting versions before 24.11.1. The root cause is an exposure of sensitive information to an unauthorized actor, which under specific conditions can be leveraged by an authenticated user to cause a denial of service [1].

Exploitation

Conditions

Exploitation requires the attacker to be authenticated and within adjacent network access to the affected system. The attack vector is classified as adjacent, meaning the attacker must be on the same broadcast or collision domain (e.g., same Wi-Fi network or physical subnet) [1]. No privileges beyond standard user authentication are needed, but the attack complexity is considered high (CVSS 2.6) [1].

Impact

A successful exploit enables the authenticated user to trigger a denial of service condition. While the CVSS severity is rated Low due to the high complexity and adjacent access requirement, the confidentiality impact from the initial information exposure is also considered partial [1].

Mitigation

Intel has released Edge Orchestrator version 24.11.1 to address this vulnerability. Users are advised to update to the latest version as recommended in the Intel Security Advisory INTEL-SA-01317 [1]. No workarounds or interim fixes have been published.