CVE-2025-48819

HIGH

Windows UPnP Device Host - Privilege Escalation

Title source: llm

Description

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

References (1)

Scores

CVSS v3 7.1
EPSS 0.0009
EPSS Percentile 26.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-591
Status published

Affected Products (21)

microsoft/windows_10_1507 < 10.0.10240.21073
microsoft/windows_10_1507 < 10.0.10240.21073
microsoft/windows_10_1607 < 10.0.14393.8246
microsoft/windows_10_1607 < 10.0.14393.8246
microsoft/windows_10_1809 < 10.0.17763.7558
microsoft/windows_10_1809 < 10.0.17763.7558
microsoft/windows_10_21h2 < 10.0.19044.6093
microsoft/windows_10_22h2 < 10.0.19045.6093
microsoft/windows_11_22h2 < 10.0.22621.5624
microsoft/windows_11_23h2 < 10.0.22631.5624
microsoft/windows_11_24h2 < 10.0.26100.4652
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2012
... and 6 more

Timeline

Published Jul 08, 2025
Tracked Since Feb 18, 2026