cbcvebase.
CVE-2025-24983
published 2025-03-11

CVE-2025-24983: Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
KEV
CISA Known Exploited Vulnerabilitydue 2025-04-01
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

Affected

22 ranges
VendorProductVersion rangeFixed in
microsoftwindows_10_1507< 10.0.10240.2094710.0.10240.20947
microsoftwindows_10_1607< 10.0.14393.787610.0.14393.7876
microsoftwindows_10_version_1507>= 10.0.10240.0 < 10.0.10240.2094710.0.10240.20947
microsoftwindows_10_version_1607>= 10.0.14393.0 < 10.0.14393.787610.0.14393.7876
microsoftwindows_server_2008
microsoftwindows_server_2008_r2_service_pack_1>= 6.1.7601.0 < 6.1.7601.276186.1.7601.27618
microsoftwindows_server_2008_service_pack_2>= 6.0.6003.0 < 6.0.6003.231686.0.6003.23168
microsoftwindows_server_2012
microsoftwindows_server_2012>= 6.2.9200.0 < 6.2.9200.253686.2.9200.25368
microsoftwindows_server_2012_r2>= 6.3.9600.0 < 6.3.9600.224706.3.9600.22470
microsoftwindows_server_2016< 10.0.14393.787610.0.14393.7876
microsoftwindows_server_2016>= 10.0.14393.0 < 10.0.14393.787610.0.14393.7876
msrcwindows_10_for_32-bit_systems
msrcwindows_10_for_x64-based_systems
msrcwindows_10_version_1607_for_32-bit_systems
msrcwindows_10_version_1607_for_x64-based_systems
msrcwindows_server_2008_for_32-bit_systems_service_pack_2
msrcwindows_server_2008_for_x64-based_systems_service_pack_2
msrcwindows_server_2008_r2_for_x64-based_systems_service_pack_1
msrcwindows_server_2012
msrcwindows_server_2012_r2
msrcwindows_server_2016

CVSS provenance

nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.0HIGH
cisa7.0HIGH