CVE-2025-27475
Published 2025-04-08
CVE-2025-27475: Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
Priority P3 · 36 · high · 7 · CVSS 3.1
AV:L · AC:H · PR:L · UI:N · S:U · C:H · I:H · A:H
EPSS: 0.32% (23.6th percentile)
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_22h2 | < 10.0.22621.5189 | 10.0.22621.5189 |
| microsoft | windows_11_23h2 | < 10.0.22631.5189 | 10.0.22631.5189 |
| microsoft | windows_11_24h2 | < 10.0.26100.3775 | 10.0.26100.3775 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5189 | 10.0.22621.5189 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5189 | 10.0.22631.5189 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5189 | 10.0.22631.5189 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.3775 | 10.0.26100.3775 |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
CVSS provenance
nvd · v3.1 · 7.0 · HIGH · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 7.0 · HIGH
Microsoft
Windows Update Stack Elevation of Privilege Vulnerability
vendor_msrc·2025-04-08·CVSS 7.0
CVE-2025-27475 [HIGH] CWE-591 Windows Update Stack Elevation of Privilege Vulnerability
Description: Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Softwa
GHSA
GHSA-jjwr-7vqh-8gf4: Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2025-04-08
CVE-2025-27475 [HIGH] CWE-591 GHSA-jjwr-7vqh-8gf4: Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally
Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
Published: 2025-04-08