CVE-2025-49677

HIGH

Windows 11 22H2 < 10.0.22621.5624 - Authenticated Use-After-Free in Brokering File System

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-49677. PoCs published by nu11secur1ty.

AI-analyzed exploit summary: This Python script exploits CVE-2025-49677 by creating a scheduled task that runs a batch script as SYSTEM, providing an interactive SYSTEM shell. It leverages Windows built-in commands to execute arbitrary commands with elevated privileges.

Description

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · text · local · windows
https://www.exploit-db.com/exploits/52360


Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows 11 Version 22H2
Auth required
Prerequisites: Administrator privileges · Python 3.x installed on Windows
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 7.0
EPSS: 0.0387
EPSS Percentile: 88.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-416
Status: published
Products (1): microsoft/windows_11_22h2 < 10.0.22621.5624
Published: Jul 08, 2025
Tracked Since: Feb 18, 2026