CVE-2025-27741

HIGH

Microsoft Windows 10 1507 < 10.0.10240.20978 - Out-of-Bounds Read

Title source: rule

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Core 1

Core References

Vendor Advisory vendor-advisory patch

CVSS v3 7.8

EPSS 0.0074

EPSS Percentile 73.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-125

Status published

Products (9)

microsoft/windows_10_1507 < 10.0.10240.20978 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.7969 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.7136 (2 CPE variants)

microsoft/windows_server_2008 (2 CPE variants)

microsoft/windows_server_2008 r2 sp1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

microsoft/windows_server_2016 < 10.0.14393.7969

microsoft/windows_server_2019 < 10.0.17763.7136

Published Apr 08, 2025

Tracked Since Feb 18, 2026