CVE-2025-29811
published 2025-04-08CVE-2025-29811: Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
PriorityP343high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.48%
37.3th percentile
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_22h2 | < 10.0.22621.5189 | 10.0.22621.5189 |
| microsoft | windows_11_23h2 | < 10.0.22631.5189 | 10.0.22631.5189 |
| microsoft | windows_11_24h2 | < 10.0.26100.3775 | 10.0.26100.3775 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5189 | 10.0.22621.5189 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5189 | 10.0.22631.5189 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5189 | 10.0.22631.5189 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.3775 | 10.0.26100.3775 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1551 | 10.0.25398.1551 |
| microsoft | windows_server_2025 | < 10.0.26100.3775 | 10.0.26100.3775 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.3775 | 10.0.26100.3775 |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
vendor_msrc·2025-04-08·CVSS 7.8
CVE-2025-29811 [HIGH] CWE-20 Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
Description: Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Mobile Broadband: Windows Mobile Broadband
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5055528
Reference: https://support.microsoft.com/help/5055528
Reference: https://catalog.update.micro
GHSA
GHSA-f687-cpxh-93rh: Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2025-04-08
CVE-2025-29811 [HIGH] CWE-20 GHSA-f687-cpxh-93rh: Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally
Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
2025-04-08
Published