cbcvebase.
CVE-2025-53142
published 2025-08-12

CVE-2025-53142: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

PriorityP337high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
EPSS
0.33%
24.4th percentile
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Affected

22 ranges
VendorProductVersion rangeFixed in
microsoftwindows_11_22h2< 10.0.22621.576810.0.22621.5768
microsoftwindows_11_23h2< 10.0.22631.576810.0.22631.5768
microsoftwindows_11_24h2< 10.0.26100.485110.0.26100.4851
microsoftwindows_11_version_22h2>= 10.0.22621.0 < 10.0.22621.576810.0.22621.5768
microsoftwindows_11_version_22h3>= 10.0.22631.0 < 10.0.22631.576810.0.22631.5768
microsoftwindows_11_version_23h2>= 10.0.22631.0 < 10.0.22631.576810.0.22631.5768
microsoftwindows_11_version_24h2>= 10.0.26100.0 < 10.0.26100.494610.0.26100.4946
microsoftwindows_server_2022_23h2< 10.0.25398.179110.0.25398.1791
microsoftwindows_server_2025< 10.0.26100.485110.0.26100.4851
microsoftwindows_server_2025>= 10.0.26100.0 < 10.0.26100.494610.0.26100.4946
msrcazl3_kernel_6.6.57.1-7_on_azure_linux_3.0
msrcazl3_kernel_6.6.64.2-1_on_azure_linux_3.0
msrccbl2_kernel_5.15.176.3-1_on_cbl_mariner_2.0
msrccbl2_kernel_5.15.180.1-1_on_cbl_mariner_2.0
msrcwindows_11_version_22h2_for_arm64-based_systems
msrcwindows_11_version_22h2_for_x64-based_systems
msrcwindows_11_version_23h2_for_arm64-based_systems
msrcwindows_11_version_23h2_for_x64-based_systems
msrcwindows_11_version_24h2_for_arm64-based_systems
msrcwindows_11_version_24h2_for_x64-based_systems
msrcwindows_server_2022_23h2_edition
msrcwindows_server_2025

CVSS provenance

nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.0HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.