Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-49683 — Heap-based Buffer Overflow in Microsoft Windows 10 Version 1507

Severity

7.8HIGHNVD

EPSS

1.1%

top 22.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedJul 8

Latest updateAug 3

Description

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶NVDmicrosoft/windows< 10.0.14393.8246+5

GHSA

GHSA-f9pq-9wpv-v9jh: Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally↗2025-07-08

▶

CVEList

Microsoft Virtual Hard Disk Remote Code Execution Vulnerability↗2025-07-08

▶

Exploit-DB

Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)↗2025-08-03

▶

Microsoft

Microsoft Virtual Hard Disk Remote Code Execution Vulnerability↗2025-07-08

▶