CVE-2025-24983

high

Description

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

From the Tenable Blog

Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993)

Published: 2025-03-11

Microsoft addresses 56 CVEs, including seven zero-day flaws, with six of those being exploited in the wild.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983

https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html

https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/

https://therecord.media/microsoft-zero-day-used-ransomware-attack-real-estate

https://www.bleepingcomputer.com/news/security/encrypthub-linked-to-zero-day-attacks-targeting-windows-systems/

https://www.securityweek.com/newly-patched-windows-zero-day-exploited-for-two-years/

https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-windows-kernel-zero-day-exploited-since-2023/

https://x.com/ESETresearch/status/1899508656258875756

https://www.securityweek.com/patch-tuesday-microsoft-patches-57-flaws-flags-six-active-zero-days/

https://www.crn.com/news/security/2025/microsoft-discloses-extraordinary-number-of-actively-exploited-vulnerabilities-researcher

https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-adds-six-known-exploited-vulnerabilities-catalog

https://cyberscoop.com/microsoft-patch-tuesday-march-2025/

https://www.tenable.com/blog/microsofts-march-2025-patch-tuesday-addresses-56-cves-cve-2025-26633-cve-2025-24983

Details

Source: Mitre, NVD

Published: 2025-03-11

Updated: 2025-03-13

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01551

Detections

Analytics