CVE-2025-62572
Published: 2025-12-09
CVE-2025-62572: Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
Priority P344 · high · 7.8 · CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.36% (28.1th percentile)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_24h2 | < 10.0.26100.7392 | 10.0.26100.7392 |
| microsoft | windows_11_25h2 | < 10.0.26200.7392 | 10.0.26200.7392 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.7462 | 10.0.26100.7462 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.7462 | 10.0.26200.7462 |
| microsoft | windows_server_2025 | < 10.0.26100.7392 | 10.0.26100.7392 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.7462 | 10.0.26100.7462 |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_x64-based_systems | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance
nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 7.8 · HIGH
Microsoft
Application Information Service Elevation of Privilege Vulnerability
vendor_msrc·2025-12-09·CVSS 7.8
CVE-2025-62572 [HIGH] CWE-125 Application Information Service Elevation of Privilege Vulnerability
Description: Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
A successful exploitation of this vulnerability causes a privilege escalation from Medium to NT AUTHORITY\SYSTEM.
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033
Reference: https://support.microsoft.com/help/507203
GHSA
GHSA-j5xf-57fv-jcx4: Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2025-12-09
CVE-2025-62572 [HIGH] CWE-125 GHSA-j5xf-57fv-jcx4: Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally
Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
blogs_bleepingcomputer·2025-12-09·CVSS 7.8
[HIGH] Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
## Lawrence Abrams
28 Elevation of Privilege Vulnerabilities
19 Remote Code Execution Vulnerabilities
4 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
2 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Microsoft Edge (15 flaws) and Mariner vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5072033 & KB5071417 cumulative updates.
Wiz
CVE-2025-62572 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-62572 [HIGH] CVE-2025-62572 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-62572: vulnerability analysis and mitigation
Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
Source: NVD
| Field | Value |
|---|---|
| Score | 7.8 |
| Published | December 9, 2025 |
| Severity | HIGH |
| CNA Score | 7.8 |
| Has Public Exploit | No |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 20.3 |
| Exploitation Probability (EPSS) | 0.1 |
Sources
NVD
Published: 2025-12-09