CVE-2025-24983 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Win32k Use-After-Free Vulnerability

Exploit added

March 11, 2025

Action due

April 1, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983

Weakness Enumeration

CWE-ID	CWE Name
CWE-416	Use After Free

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7699::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20890::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.10240.20915::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20890::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7785::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7699::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7785::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20915::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.10240.20915::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20915::::::x86:
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7606:::::::*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7428:::::::*
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20857::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7428::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7606::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20796::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20857::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7606::::::x86:
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6452::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4946::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6981::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5648::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5246::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6897::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5291::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5066::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5356::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5427::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5125::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5192::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5850::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5582::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6351::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5501::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6085::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6796::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4467::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7515::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7336::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7259::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7159::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6167::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4886::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7070::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704::::standard::x64:*
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6897::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6897::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20596::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20596::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6709::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6709::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20766::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.5582::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.5582::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20651::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20826::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20826::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20751::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20710::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20710::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20526::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20526::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20766::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20651::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7259::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7259::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7159::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7070::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7336::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7159::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7070::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6981::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7336::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6981::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6796::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6796::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7070::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6981::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7259::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7259::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7159::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7515::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6897::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7336::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6796::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7159::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6800::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6709::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7515::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7515::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6709::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7336::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7428::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7428::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.7515::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.14393.6800::::::x86:

Details

Source:
NVD

Published:
March 11, 2025

Updated:
March 13, 2025

Risk information

CVSS v3

Base score:
7

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined