CVE-2025-24043

Published Mar 11, 2025

Last updated 24 days ago

CVSS high 7.5
Microsoft
WinDbg
.NET

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24043 is a remote code execution (RCE) vulnerability in Microsoft's WinDbg debugging tool and associated .NET packages. The flaw exists due to improper cryptographic signature verification within the SOS debugging extension. This allows an attacker with network access to execute arbitrary code on affected systems. .NET Core projects using vulnerable versions of the `dotnet-sos`, `dotnet-dump`, and `dotnet-debugger-extensions` NuGet packages are susceptible. Microsoft recommends updating to the latest versions of these packages and WinDbg itself to mitigate the vulnerability.

Description
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
5.9
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-347

Social media

Hype score
Not currently trending

  1. Microsoft WinDbg の脆弱性 CVE-2025-24043 が FIX:暗号署名の不適切な検証と RCE の可能性 https://t.co/fG5WhG6S9Q このブログでは初登場となる、デバッグ・ツール Microsoft WinDbg に、RCE の脆弱性が発生しています。ご利用のチームは、アップデートおよび緩和策を、ご確認下さい。 #dotNET… https://t.co/g4KCa3x1Pz

    @iototsecnews

    19 Mar 2025

    112 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-24043 🔴 HIGH (7.5) 🏢 Microsoft - WinDbg 🏗️ 1.0.0 🔗 https://t.co/2SRG1QaSdH #CyberCron #VulnAlert #InfoSec https://t.co/esJqV3q5HL

    @cybercronai

    13 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. آسیب پذیری CVE-2025-24043: اجرای کد از راه دور در WinDbg و تهدیدی جدی برای امنیت سیستم‌ها #Cyber_Security_News #اخبار_امنیت_سایبری #CVE_2025_24043 #Microsoft #مایکروسافت #WinDbg https://t.co/X2F0DDgUr3

    @vulnerbyte

    11 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. WinDbg Remote Code Execution Vulnerability: CVE-2025-24043 Exposes Critical Security Risk https://t.co/LEGiMQXXg0

    @Dinosn

    10 Mar 2025

    4153 Impressions

    19 Retweets

    88 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

  5. 🗣 WinDbg Remote Code Execution Vulnerability: CVE-2025-24043 Exposes Critical Security Risk https://t.co/RUeyDSWleg

    @fridaysecurity

    10 Mar 2025

    44 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. WinDbg Remote Code Execution Vulnerability: CVE-2025-24043 Exposes Critical Security Risk CVE-2025-24043 poses a significant RCE threat in Microsoft's #WinDbg debugger. Understand the risks and implications for security. https://t.co/OFJOeUfaGA

    @the_yellow_fall

    10 Mar 2025

    1008 Impressions

    10 Retweets

    14 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  7. 🔴 #Microsoft WinDbg, Remote Code Execution, #CVE-2025-24043 (Critical) https://t.co/7VJHFQtRhM

    @dailycve

    7 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References