cbcvebase.
CVE-2025-62455
published 2025-12-09

CVE-2025-62455: Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10_1607< 10.0.14393.868810.0.14393.8688
microsoftwindows_10_1809< 10.0.17763.814610.0.17763.8146
microsoftwindows_10_21h2< 10.0.19044.669110.0.19044.6691
microsoftwindows_10_22h2< 10.0.19045.669110.0.19045.6691
microsoftwindows_10_version_1607>= 10.0.14393.0 < 10.0.14393.868810.0.14393.8688
microsoftwindows_10_version_1809>= 10.0.17763.0 < 10.0.17763.814610.0.17763.8146
microsoftwindows_10_version_21h2>= 10.0.19044.0 < 10.0.19044.669110.0.19044.6691
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.669110.0.19045.6691
microsoftwindows_server_2008
microsoftwindows_server_2008_r2_service_pack_1>= 6.1.7601.0 < 6.1.7601.280646.1.7601.28064
microsoftwindows_server_2008_service_pack_2>= 6.0.6003.0 < 6.0.6003.236666.0.6003.23666
microsoftwindows_server_2012
microsoftwindows_server_2012>= 6.2.9200.0 < 6.2.9200.258156.2.9200.25815
microsoftwindows_server_2012_r2>= 6.3.9600.0 < 6.3.9600.229206.3.9600.22920
microsoftwindows_server_2016< 10.0.14393.868810.0.14393.8688
microsoftwindows_server_2016>= 10.0.14393.0 < 10.0.14393.868810.0.14393.8688
microsoftwindows_server_2019< 10.0.17763.814610.0.17763.8146
microsoftwindows_server_2019>= 10.0.17763.0 < 10.0.17763.814610.0.17763.8146
msrcwindows_10_version_1607
msrcwindows_10_version_1809
msrcwindows_10_version_21h2
msrcwindows_10_version_22h2
msrcwindows_server_2008
msrcwindows_server_2008_r2
msrcwindows_server_2012