Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-24076 — Improper Access Control in Microsoft Windows 11 Version 22h2

Severity

7.3HIGHNVD

EPSS

1.6%

top 18.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedMar 11

Latest updateJun 9

Description

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

▶NVDmicrosoft/windows< 10.0.25398.1486+1

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.3476

CVEList

Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability↗2025-03-11

▶

GHSA

GHSA-664p-96hw-74xh: Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally↗2025-03-11

▶

Exploit-DB

Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege↗2025-06-09

▶

Microsoft

Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability↗2025-03-11

▶

Bleepingcomputer

Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws↗2025-03-11

▶