CVE-2025-24983

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-24983
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

7.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
History

13 Mar 2025, 19:54

Type Values Removed Values Added
First Time Microsoft windows Server 2016
Microsoft windows Server 2012
Microsoft windows 10 1507
Microsoft windows Server 2008
Microsoft windows 10 1607
Microsoft
Summary
  • (es) El uso después de la liberación en el subsistema del kernel Win32 de Windows permite que un atacante autorizado eleve privilegios localmente.
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983 - Patch, Vendor Advisory
CPE cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*

11 Mar 2025, 17:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-11 17:16

Updated : 2025-03-13 19:54

NVD link : CVE-2025-24983

Mitre link : CVE-2025-24983

CVE.ORG link : CVE-2025-24983

JSON object : View

Products Affected

microsoft

  • windows_server_2016
  • windows_10_1607
  • windows_10_1507
  • windows_server_2012
  • windows_server_2008
CWE
CWE-416

Use After Free