CVE-2025-48819Sensitive Data Storage in Improperly Locked Memory in Microsoft Windows 10 Version 1507

CWE-591Sensitive Data Storage in Improperly Locked Memory4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.2%
top 61.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
27
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+24 more
Timeline
PublishedJul 8

Description

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages26 packages

NVDmicrosoft/windows< 10.0.14393.8246+5
NVDmicrosoft/windows_10_1507< 10.0.10240.21073
NVDmicrosoft/windows_10_1607< 10.0.14393.8246
NVDmicrosoft/windows_10_1809< 10.0.17763.7558
NVDmicrosoft/windows_10_21h2< 10.0.19044.6093

🔴Vulnerability Details

2
GHSA
GHSA-27hj-x243-69pr: Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate priv2025-07-08
CVEList
Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability2025-07-08

📋Vendor Advisories

1
Microsoft
Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability2025-07-08
CVE-2025-48819 — Microsoft vulnerability | cvebase