CVE-2025-24076

HIGH

Microsoft Windows 11 22h2 < 10.0.22621.5039 - Improper Access Control

Title source: rule

Description

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Exploits (2)

exploitdb WORKING POC
by Mohammed Idrees Banyamer · pythonlocalwindows
https://www.exploit-db.com/exploits/52320
nomisec WORKING POC 14 stars
by mbanyamer · poc
https://github.com/mbanyamer/CVE-2025-24076

References (1)

Scores

CVSS v3 7.3
EPSS 0.0295
EPSS Percentile 86.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (5)
microsoft/windows_11_22h2 < 10.0.22621.5039
microsoft/windows_11_23h2 < 10.0.22631.5039
microsoft/windows_11_24h2 < 10.0.26100.3403
microsoft/windows_server_2022_23h2 < 10.0.25398.1486
microsoft/windows_server_2025 < 10.0.26100.3403
Published Mar 11, 2025
Tracked Since Feb 18, 2026