The latest security information on Intel® products.

Summary: 

Potential security vulnerabilities in the Intel® Optane™ Persistent Memory (PMem) management software may allow esclation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details: 

CVEID:  CVE-2025-22849

Description: Incorrect default permissions for the Intel® Optane™ PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID:  CVE-2025-20070

Description: Improper conditions check for the Intel® Optane™ PMem management software before versions CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable [cvss_threat_loss_factor]. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Intel® Optane™ PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538.

Recommendation:

Intel recommends updating Intel® Optane™ PMem management software to versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 or later.

Updates are available for download at these locations:

• CR_MGMT_01.00.00.3584, CR_MGMT_03.00.00.0538: 
  
  https://github.com/intel/ipmctl/releases

Intel recommends updating to CR_MGMT_02.00.00.4052 or the latest version linked in theIntel IPU 2026.1 Update Guidance document. Availability dates will be updated regularly and can be found in the 2026.1 IPU Update Guidance tab. Note: CR_MGMT_02.00.00.4052 is only applicable for Windows operating system.

Intel has issued a product discontinuation notice for Intel® Optane™ PMem 100 Series management software.  As of June 30, 2025, the Intel® Optane™ PMem 100 Series management software is not supported with any additional functional, security, or other updates. Intel recommends that users discontinue use and migrate to the newer generation product listed in Recommendations as soon as possible.

https://www.intel.com/content/www/us/en/content-details/831078

Acknowledgements:

Intel would like to thank @sim0nsecurity (CVE-2025-20070) and Mohamed Amine Saidani (CVE-2025-22849) for reporting these issues. 

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.