CVE-2025-26687

CWE-416Use After FreeCWE-4595 documents4 sources
Severity
7.5HIGH
EPSS
0.5%
top 35.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
37
Microsoft Microsoft Office FOR AndroidMicrosoft Microsoft Office FOR UniversalMicrosoft Windows 10 Version 1507+34 more
Timeline
PublishedApr 8

Description

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages36 packages

NVDmicrosoft/windows< 10.0.14393.7969+5
NVDmicrosoft/windows_10_1507< 10.0.10240.20978
NVDmicrosoft/windows_10_1607< 10.0.14393.7969
NVDmicrosoft/windows_10_1809< 10.0.17763.7136
NVDmicrosoft/windows_10_21h2< 10.0.19044.5737

🔴Vulnerability Details

2
CVEList
Win32k Elevation of Privilege Vulnerability2025-04-08
GHSA
GHSA-p9qw-h5h2-6vw8: Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network2025-04-08

📋Vendor Advisories

2
Microsoft
Win32k Elevation of Privilege Vulnerability2025-04-08
Microsoft
xen/events: close evtchn after mapping cleanup2024-04-09