CVE-2025-62569
Published 2025-12-09
CVE-2025-62569: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Priority P3 · 38 · high · 7 · CVSS 3.1
AV:L · AC:H · PR:L · UI:N · S:U · C:H · I:H · A:H
EPSS: 0.30% (21.2th percentile)
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_24h2 | < 10.0.26100.7392 | 10.0.26100.7392 |
| microsoft | windows_11_25h2 | < 10.0.26200.7392 | 10.0.26200.7392 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.7462 | 10.0.26100.7462 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.7462 | 10.0.26200.7462 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.2025 | 10.0.25398.2025 |
| microsoft | windows_server_2025 | < 10.0.26100.7392 | 10.0.26100.7392 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.7462 | 10.0.26100.7462 |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance
nvd · v3.1 · 7.0 · HIGH · CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 7.0 · HIGH
Microsoft
Microsoft Brokering File System Elevation of Privilege Vulnerability
vendor_msrc·2025-12-09·CVSS 7.0
CVE-2025-62569 [HIGH] CWE-416 Microsoft Brokering File System Elevation of Privilege Vulnerability
Description: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user.
Customer Action Requir
GHSA
GHSA-cw33-5hw7-4676: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2025-12-09
CVE-2025-62569 [HIGH] CWE-416 GHSA-cw33-5hw7-4676: Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
blogs_bleepingcomputer·2025-12-09·CVSS 7.8
[HIGH] Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
## Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
By Lawrence Abrams
28 Elevation of Privilege Vulnerabilities
19 Remote Code Execution Vulnerabilities
4 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
2 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Microsoft Edge (15 flaws) and Mariner vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5072033 & KB5071417 cumulative updates.
Wiz
CVE-2025-62569 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2025-62569 [HIGH] CVE-2025-62569 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-62569: vulnerability analysis and mitigation
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Source: NVD
Score: 7
Published: December 9, 2025
Severity: HIGH
CNA Score: 7.0
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 18.8
Exploitation Probability (EPSS): 0.1
Sources
NVD
Published: 2025-12-09