CVE-2025-55677

HIGH

Windows Device Association Broker - Privilege Escalation

Title source: llm
STIX 2.1

Description

Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 17.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-822
Status published
Products (3)
microsoft/windows_11_24h2 < 10.0.26100.6899
microsoft/windows_11_25h2 < 10.0.26200.6899
microsoft/windows_server_2025 < 10.0.26100.6899
Published Oct 14, 2025
Tracked Since Feb 18, 2026