Multiple vulnerabilities in Edge Orchestrator for Intel Tiber Edge Platform
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2025-22843 CVE-2025-20022 CVE-2025-20624 CVE-2025-20616 CVE-2025-20612 CVE-2025-22895 CVE-2025-20013 CVE-2025-20076 CVE-2025-20611 CVE-2025-22446 CVE-2025-21081 CVE-2025-22844 CVE-2025-20057 CVE-2025-20084 CVE-2025-22848 CVE-2025-23233 CVE-2025-20030 |
| CWE-ID | CWE-279 CWE-691 CWE-200 CWE-400 CWE-284 CWE-326 CWE-693 CWE-703 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Edge Orchestrator for Intel Tiber Edge Platform Other software / Other software solutions |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Incorrect Execution-Assigned Permissions
EUVDB-ID: #VU109258
Risk: Low
CVSSv4.0: 4.1 [CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22843
CWE-ID:
CWE-279 - Incorrect Execution-Assigned Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect execution-assigned permissions. A local user can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficient Control Flow Management
EUVDB-ID: #VU109259
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20022
CWE-ID:
CWE-691 - Insufficient Control Flow Management
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to insufficient control flow management. A remote administrator on the local network can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU109260
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20624
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user on the local network can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource exhaustion
EUVDB-ID: #VU109261
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20616
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user on the local network can trigger resource exhaustion and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Incorrect Execution-Assigned Permissions
EUVDB-ID: #VU109262
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20612
CWE-ID:
CWE-279 - Incorrect Execution-Assigned Permissions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to incorrect execution-assigned permissions. A remote user on the local network can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU109263
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22895
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU109266
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20013
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper access control
EUVDB-ID: #VU109267
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20076
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker on the local network can bypass implemented security restrictions and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU109268
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20611
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Inadequate Encryption Strength
EUVDB-ID: #VU109269
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22446
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a inadequate encryption strengthy. A remote user on the local network can egain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Protection Mechanism Failure
EUVDB-ID: #VU109270
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21081
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. A local user can bypass implemented security restrictions and elevate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper access control
EUVDB-ID: #VU109271
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22844
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker on the local network can bypass implemented security restrictions and gain unauthorized access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource exhaustion
EUVDB-ID: #VU109272
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20057
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user on the local network can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Resource exhaustion
EUVDB-ID: #VU109273
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20084
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user on the local network can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper Check or Handling of Exceptional Conditions
EUVDB-ID: #VU109274
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-22848
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper conditions check. A remote user on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Incorrect Execution-Assigned Permissions
EUVDB-ID: #VU109275
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-23233
CWE-ID:
CWE-279 - Incorrect Execution-Assigned Permissions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to incorrect execution-assigned permissions. A remote user on the local network can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Information disclosure
EUVDB-ID: #VU109276
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-20030
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user on the local network can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEdge Orchestrator for Intel Tiber Edge Platform: before 24.11
CPE2.3 External linkshttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
