The vulnerability stems from the process of writing sensitive information to a file and subsequently changing the file's permissions using chmod. This sequence creates a time window susceptible to a TOCTOU race condition attack. During this window, an attacker could exploit the gap between the file creation and permission modification to gain unauthorized access to the sensitive information. This type of vulnerability is particularly concerning because it relies on the inherent race condition between two operations that are assumed to be atomic but are not.

An attacker monitors the file system for the creation of new files. Upon detection of a new file created by the vulnerable code in the Intel Neural Compressor, the attacker quickly attempts to access the file before its permissions are secured. If successful, the attacker gains access to sensitive information that was intended to be protected, potentially leading to further exploitation of the system or data breach.

Any users or systems utilizing the Intel Neural Compressor master version prior to the patch in version 2.5.0 are at risk. This includes individuals and organizations that rely on this tool for neural network model optimization and are potentially exposing sensitive configuration data due to this vulnerability.