CVE-2025-53721
published 2025-08-12CVE-2025-53721: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.7678 | 10.0.17763.7678 |
| microsoft | windows_10_21h2 | < 10.0.19044.6216 | 10.0.19044.6216 |
| microsoft | windows_10_22h2 | < 10.0.19045.6216 | 10.0.19045.6216 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7678 | 10.0.17763.7678 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6216 | 10.0.19044.6216 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6216 | 10.0.19045.6216 |
| microsoft | windows_11_22h2 | < 10.0.22621.5768 | 10.0.22621.5768 |
| microsoft | windows_11_23h2 | < 10.0.22631.5768 | 10.0.22631.5768 |
| microsoft | windows_11_24h2 | < 10.0.26100.4851 | 10.0.26100.4851 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5768 | 10.0.22621.5768 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5768 | 10.0.22631.5768 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5768 | 10.0.22631.5768 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.4946 | 10.0.26100.4946 |
| microsoft | windows_server_2019 | < 10.0.17763.7678 | 10.0.17763.7678 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7678 | 10.0.17763.7678 |
| microsoft | windows_server_2022 | < 10.0.20348.3989 | 10.0.20348.3989 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4052 | 10.0.20348.4052 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1791 | 10.0.25398.1791 |
| microsoft | windows_server_2025 | < 10.0.26100.4851 | 10.0.26100.4851 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.4946 | 10.0.26100.4946 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
GHSA
GHSA-83cg-48p4-2hxg: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2025-08-12
CVE-2025-53721 [HIGH] CWE-416 GHSA-83cg-48p4-2hxg: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
Microsoft
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
vendor_msrc·2025-08-12·CVSS 7.0
CVE-2025-53721 [HIGH] CWE-416 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Description: Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker could use this vulnerability to elevate privileges from Medium Integrity Level to Local Service.
Windows Connected Devices Platform Service: Windows Connected Devices Platform Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Pri
No detection rules found.
No public exploits indexed.
2025-08-12
Published