CVE-2025-24983
Published: 11 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-24983 is a use-after-free vulnerability (CWE-416) in the Windows Win32 Kernel Subsystem. Published on 2025-03-11, it carries a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) and affects Windows operating systems where the Win32 Kernel Subsystem is present.
The vulnerability can be exploited by an authenticated local attacker who already holds low privileges. Exploitation requires local access and has high attack complexity, but needs no user interaction. Successful exploitation yields privilege escalation, with high impact on confidentiality, integrity, and availability.
Microsoft's update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983 provides details on patches and remediation. The vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24983, which indicates it has been exploited in the wild.
Details
- CWE(s): CWE-416 (Use After Free)
- KEV Date Added: 11 March 2025
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The use-after-free in the Windows Win32 Kernel Subsystem gives a low-privileged local attacker a direct path to privilege escalation, with high impact on confidentiality, integrity, and availability, which is why the privilege-escalation technique described above applies.