CVE-2025-24072

Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
microsoftwindows_10_1507
𝑥
< 10.0.10240.20947
microsoftwindows_10_1507
𝑥
< 10.0.10240.20947
microsoftwindows_10_1607
𝑥
< 10.0.14393.7876
microsoftwindows_10_1607
𝑥
< 10.0.14393.7876
microsoftwindows_10_1809
𝑥
< 10.0.17763.7009
microsoftwindows_10_1809
𝑥
< 10.0.17763.7009
microsoftwindows_10_21h2
𝑥
< 10.0.19044.5608
microsoftwindows_10_22h2
𝑥
< 10.0.19045.5608
microsoftwindows_11_22h2
𝑥
< 10.0.22621.5039
microsoftwindows_11_23h2
𝑥
< 10.0.22631.5039
microsoftwindows_11_24h2
𝑥
< 10.0.26100.3403
microsoftwindows_11_24h2
𝑥
< 10.0.26100.3403
microsoftwindows_server_2008
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.7876
microsoftwindows_server_2019
𝑥
< 10.0.17763.7009
microsoftwindows_server_2022
𝑥
< 10.0.20348.3270
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.1486
microsoftwindows_server_2025
𝑥
< 10.0.26100.3403
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24072