← back
CVE-2025-24983

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVSS 7 HIGHEPSS 1.3%● KEVCWE-416
Vexday Risk Score
51Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7EPSS 1.3%KEV simPoC Nuclei Metasploit Patch referenciado
Lifecycle
11 Mar 2025Active exploitation (CISA KEV)
11 Mar 2025Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Windows allows an authorized user to regain access to memory that has already been freed, potentially letting them gain higher privileges on the system.

Technical detail

Use-after-free vulnerability in Win32 Kernel Subsystem (CWE-416) allows a local authenticated attacker to elevate privileges by referencing freed memory; requires prior system access and successful exploitation of memory allocation patterns.

Summary generated and translated by AI from the official description.
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →