⚠ Actively exploited

Added to CISA KEV on 2025-03-11. Federal agencies required to patch by 2025-04-01. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-24983 — Use After Free in Microsoft Windows 10 Version 1507

CWE-416 — Use After Free18 documents12 sources

Severity

7.0HIGHNVD

EPSS

0.6%

top 31.47%

CISA KEV

KEV

Added 2025-03-11

Due 2025-04-01

Exploit

No known exploits

Affected products

10

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows Server 2008 R2 Service Pack 1 +7 more

Timeline

PublishedMar 11

KEV addedMar 11

KEV dueApr 1

Latest updateDec 10

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages10 packages

▶NVDmicrosoft/windows< 10.0.14393.7876+1

▶NVDmicrosoft/windows_10_1507< 10.0.10240.20947

▶NVDmicrosoft/windows_10_1607< 10.0.14393.7876

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.25368

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.7876

Patches

Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

3

GHSA

GHSA-f4fr-5w7w-pg2w: Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally↗2025-03-11

▶

CVEList

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability↗2025-03-11

▶

VulnCheck

Microsoft Windows Win32k Use-After-Free Vulnerability↗2025

▶

📋Vendor Advisories

2

CISA

Microsoft Windows Win32k Use-After-Free Vulnerability↗2025-03-11

▶

Microsoft

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability↗2025-03-11

▶

🕵️Threat Intelligence

12

Tenable

Patch Tuesday 2025 Year In Review↗2025-12-10

▶

Bleepingcomputer

Microsoft: Windows CLFS zero-day exploited by ransomware gang↗2025-04-08

▶

Bleepingcomputer

Microsoft patches Windows Kernel zero-day exploited since 2023↗2025-03-12

▶

Krebs

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday↗2025-03-12

▶

Qualys

Microsoft and Adobe Patch Tuesday, March 2025 Security Update Review↗2025-03-11

▶

External resources

NVD MITRE CISA KEV

Affected products10

Microsoft Windows 10 1507fixed in 10.0.10240.20947

Microsoft Windows 10 1607fixed in 10.0.14393.7876

Microsoft Windows 10 Version 1507≥ 10.0.10240.0, < 10.0.10240.20947

Microsoft Windows 10 Version 1607≥ 10.0.14393.0, < 10.0.14393.7876

Microsoft Windows Server 2008vr2

Microsoft Windows Server 2008 R2 Service Pack 1≥ 6.1.7601.0, < 6.1.7601.27618

Microsoft Windows Server 2008 Service Pack 2≥ 6.0.6003.0, < 6.0.6003.23168

Microsoft Windows Server 2012≥ 6.2.9200.0, < 6.2.9200.25368vr2

Microsoft Windows Server 2012 R2≥ 6.3.9600.0, < 6.3.9600.22470

Microsoft Windows Server 2016≥ 10.0.14393.0, < 10.0.14393.7876fixed in 10.0.14393.7876

Disclosure

PublishedMar 11, 2025

KEV addedMar 11, 2025

KEV dueApr 1, 2025

Latest updateDec 10, 2025

CVE-2025-24983 — Use After Free in Microsoft | cvebase