CVE-2025-24983

EUVD-2025-6323
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
7 HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
𝑥
< 10.0.10240.20947
microsoftwindows_10_1507
𝑥
< 10.0.10240.20947
microsoftwindows_10_1607
𝑥
< 10.0.14393.7876
microsoftwindows_10_1607
𝑥
< 10.0.14393.7876
microsoftwindows_server_2008
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.7876
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5053618
1607 (x64, x86)
KB5053594
Windows Server 2008
Service Pack 2 (x64, x86)
KB5053995
Service Pack 2 Server Core (x64, x86)
KB5053995
Windows Server 2008 R2
Service Pack 1 (x64)
KB5053627
Service Pack 1 Server Core (x64)
KB5053627
Windows Server 2012
Server Core
KB5053886
Standard
KB5053886
Windows Server 2012 R2
Server Core
KB5053887
Standard
KB5053887
Windows Server 2016
Server Core
KB5053594
Standard
KB5053594
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24983