CVE-2025-33029

Vulnerability

Overview

CVE-2025-33029 describes an out-of-bounds write vulnerability in Intel(R) PROSet/Wireless WiFi Software for Windows, affecting versions prior to 23. The issue resides within Ring 2: Device Drivers, indicating a flaw in kernel-mode driver code that handles wireless operations. The root cause is a lack of proper bounds checking when processing certain inputs, leading to a write operation that exceeds the allocated memory buffer [1].

Exploitation

Conditions

An unprivileged software adversary can exploit this vulnerability without authentication, requiring only adjacent network access (e.g., within Wi-Fi range). The attack complexity is low, and no user interaction is needed. The attacker does not require special internal knowledge of the target system, making the attack vector accessible to a wide range of threat actors [1].

Impact

Successful exploitation results in a denial of service (DoS) condition, impacting system availability with high severity. The vulnerability does not affect confidentiality or integrity, as the out-of-bounds write is limited to causing a crash or hang rather than data corruption or disclosure. The CVSS v3 base score is 7.4 (High), reflecting the ease of exploitation and the significant availability impact [1].

Mitigation

Intel has addressed this vulnerability in PROSet/Wireless WiFi Software version 23.160 and later. Users are advised to update their drivers to the latest version available through Intel's support channels or Windows Update. No workarounds are documented, and the vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog [1].