CVE-2025-25273 is an insufficient control flow management vulnerability in the Linux kernel-mode i40e driver used by some Intel 700 Series Ethernet controllers. It affects Intel 700 Series Ethernet Linux drivers before version 2.28.5. The flaw is classified as CWE-691 and can allow an authenticated local user to manipulate execution paths within the kernel driver, potentially bypassing intended privilege boundaries. Because the vulnerable component runs in kernel mode, successful exploitation can result in compromise of the host operating system.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A local privilege escalation vulnerability in the Linux kernel-mode i40e driver for Intel 700 Series Ethernet controllers caused by insufficient control flow management.
A local privilege escalation vulnerability caused by insufficient control flow management in Intel 700 Series Ethernet Linux kernel-mode drivers before version 2.28.5.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.