CVE-2025-49744

HIGH

Windows 10/11, Server 2016-2019 Local Privilege Escalation via Heap Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-49744. PoCs published by nu11secur1ty.

AI-analyzed exploit summary The provided script is a PowerShell-based validator that checks for the presence of CVE-2025-49744 by verifying Windows build numbers, installed hotfixes, and binary timestamps of critical system files. It performs safe API calls to validate system status without exploiting the vulnerability.

Description

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Exploits (1)

exploitdb SCANNER

by nu11secur1ty · textlocalwindows

https://www.exploit-db.com/exploits/52362

View Code ZIP pw:eip

The provided script is a PowerShell-based validator that checks for the presence of CVE-2025-49744 by verifying Windows build numbers, installed hotfixes, and binary timestamps of critical system files. It performs safe API calls to validate system status without exploiting the vulnerability.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows 11 Pro (Build 26100+)

Auth required

Prerequisites: Administrator privileges · PowerShell execution policy allowing script execution

MITRE ATT&CK

T1082 - System Information Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49744

Scores

CVSS v3 7.0

EPSS 0.0292

EPSS Percentile 86.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-362 CWE-191 CWE-122

Status published

Products (13)

microsoft/windows_10_1507 < 10.0.10240.21073 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.8246 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.7558 (2 CPE variants)

microsoft/windows_10_21h2 < 10.0.19044.6093

microsoft/windows_10_22h2 < 10.0.19045.6093

microsoft/windows_11_22h2 < 10.0.22621.5624

microsoft/windows_11_23h2 < 10.0.22631.5624

microsoft/windows_11_24h2 < 10.0.26100.4652

microsoft/windows_server_2016 < 10.0.14393.8246

microsoft/windows_server_2019 < 10.0.17763.7558

... and 3 more

Published Jul 08, 2025

Tracked Since Feb 18, 2026