CVE-2025-24076
Published 2025-03-11
CVE-2025-24076: Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
Priority: P3 · 48 · high · 7.3 (CVSS 3.1)
CVSS 3.1 vector: AV:L / AC:L / PR:L / UI:R / S:U / C:H / I:H / A:H
Exploit
EPSS: 3.03% (85.8th percentile)
Affected (18 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_22h2 | < 10.0.22621.5039 | 10.0.22621.5039 |
| microsoft | windows_11_23h2 | < 10.0.22631.5039 | 10.0.22631.5039 |
| microsoft | windows_11_24h2 | < 10.0.26100.3403 | 10.0.26100.3403 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5039 | 10.0.22621.5039 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5039 | 10.0.22631.5039 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5039 | 10.0.22631.5039 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.3476 | 10.0.26100.3476 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1486 | 10.0.25398.1486 |
| microsoft | windows_server_2025 | < 10.0.26100.3403 | 10.0.26100.3403 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.3476 | 10.0.26100.3476 |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| vendor_msrc | — | 7.3 | HIGH | — |
GHSA
GHSA-664p-96hw-74xh: Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally
Source: ghsa_unreviewed · 2025-03-11 · CVE-2025-24076 · severity HIGH · CWE-284
Microsoft
Microsoft Windows Cross Device Service Elevation of Privilege Vulnerability
Source: vendor_msrc · 2025-03-11 · CVE-2025-24076 · severity HIGH · CWE-284 · CVSS 7.3
Description: Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
FAQ: How could an attacker exploit this vulnerability?
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?
Exploitation of the vulnerability requires an attack vector involving both attacker authentication (to modify the DLL) and user interaction (to
No detection rules found.
Published: 2025-03-11