CVE-2025-24983
HIGH KEV
Windows Win32 Kernel Subsystem - Privilege Escalation
Title source: llm
Exploitation Summary
CVE-2025-24983 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 11, 2025.
Description
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
References (2)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24983
Patch, Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983
Scores
CVSS v3: 7.0
EPSS: 0.0180
EPSS Percentile: 83.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2025-03-11
VulnCheck KEV: 2025-03-11
ENISA EUVD: EUVD-2025-6323
CWE: CWE-416
Status: published
Products (7)
microsoft/windows_10_1507: < 10.0.10240.20947 (2 CPE variants)
microsoft/windows_10_1607: < 10.0.14393.7876 (2 CPE variants)
microsoft/windows_server_2008: (2 CPE variants)
microsoft/windows_server_2008: r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012: r2
microsoft/windows_server_2016: < 10.0.14393.7876
Published: Mar 11, 2025
KEV Added: Mar 11, 2025
Tracked Since: Feb 18, 2026