AI description
CVE-2025-24983 is an elevation of privilege vulnerability found in the Windows Win32k driver. Exploitation of this use-after-free vulnerability allows an attacker to elevate their privileges locally on a system. This vulnerability affects older versions of Windows, specifically Windows 8.1 and Windows Server 2012 R2. Newer operating systems like Windows 10, Windows 11, and Windows Server 2019 and later appear to be unaffected. This vulnerability has been observed being exploited in the wild in conjunction with the PipeMagic backdoor, a malware known for data exfiltration and providing remote access capabilities. Attackers must already have local access to the system to exploit CVE-2025-24983, but successful exploitation allows them to gain SYSTEM privileges. Microsoft patched this vulnerability as part of their March 2025 Patch Tuesday release.
- Description
- Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Win32k Use-After-Free Vulnerability
- Exploit added on
- Mar 11, 2025
- Exploit action due
- Apr 1, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-416
- Hype score
- Not currently trending
Threat Alert: PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware CVE-2025-29824 CVE-2025-24983 CVE-2023-28252 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/zGwGbSy81X #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
16 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From Exploit to Ransomware: Detecting CVE-2025-29824 https://t.co/DD8ooLY3kl The Microsoft Security blog highlights the active exploitation of CVE-2025-24983, a zero-day vulnerability in the Windows Common Log File System (CLFS) that allows local privilege escalation to SYSTE…
@f1tym1
11 Apr 2025
25 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
古いWindowsの危険度が上がったとも言える / Windows の脆弱性 CVE-2025-24983 が FIX:修正に要した2年間と現実の攻撃での悪用 https://t.co/eIah0dVDKG #bookmark
@igaos
10 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
この内 CVE-2025-24983、CVE-2025-24984、CVE-2025-24985、CVE-2025-24991、CVE-2025-24993、CVE-2025-26633 の脆弱性について、Microsoft 社では悪用の事実を確認済みと公表しており、今後被害が拡大するおそれがあるため、至急、更新プログラムを適用してください。
@quickshield_jp
7 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
2 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/uJDJApiniJ https://t.co/AXWFVDaFdd
@IT_Peurico
25 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
23 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
21 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
21 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
19 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/BiiSgsJ0zP https://t.co/1aVALoUNon
@Trej0Jass
18 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
18 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24983 Microsoft Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally, Affected Windows 10/2000/2008/2012 CVSS3 7.0, Impact 5.9, Local, EPSS 34.56% https://t.co/6YNvpWNAA7
@vFeed_IO
18 Mar 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/NP9FqFSjkQ https://t.co/zNAUxfGQv6
@dansantanna
17 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/I1FUNvyWiy https://t.co/gCQYEQrO14
@NickBla41002745
17 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
17 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
16 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
15 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical #Windows Kernel Zero-Day Vulnerability Patched (#CVE-2025-24983) https://t.co/kRjY3mNqwf Educational Purposes!
@UndercodeUpdate
14 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Windows-#Sicherheitslücke entdeckt! ESET Forscher haben eine #ZeroDay-Schwachstelle (CVE-2025-24983) in älteren Windows-Versionen (u.a. Windows Server und Windows 10) entdeckt. Microsoft hat die Lücke geschlossen – jetzt updaten! Infos: https://t.co/dERAXl5DLm https://t.co/
@ESET_de
14 Mar 2025
4 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft、定例アップデートで2年間未修正のWindowsカーネル脆弱性(CVE-2025-24983)を修正 #セキュリティ対策Lab #セキュリティ #Security https://t.co/5r5N4LbFj9
@securityLab_jp
14 Mar 2025
78 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24983 🔴 HIGH (7) 🏢 Microsoft - Windows 10 Version 1507 🏗️ 10.0.10240.0 🔗 https://t.co/Y0N7cg7p8j #CyberCron #VulnAlert #InfoSec https://t.co/eJneyIF4Ex
@cybercronai
12 Mar 2025
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
ESET discovered a zero-day vulnerability (CVE-2025-24983) in Windows, exploited since March 2023, allowing low-privilege attackers to gain SYSTEM privileges, now patched. #Security #Microsoft https://t.co/MQH3uTyDtg
@Strivehawk
12 Mar 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/qj9V35ZLqu https://t.co/rJ7ZorckHf
@TechMash365
12 Mar 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/Bs76x1WUgc https://t.co/MnAIyLhIRe
@secured_cyber
12 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/iEnnKi4FhE https://t.co/edMd37EuBC
@ggrubamn
12 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Patch Tuesday mars : 57 failles corrigées dont 6 zero-day activement exploitées. Selon ESET le 0-day exploitant la CVE-2025-24983 a été vu pour la première fois en mars 2023 et a été déployé via la backdoor #PipeMagic. https://t.co/F7BySOJBUN
@cert_ist
12 Mar 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ثغرة خطيرة في #Windows تُعرّض الأجهزة للاختراق! معرف CVE-2025-24983: استغلال يسمح برفع الصلاحيات إلى مستوى SYSTEM الأنظمة المتضررة: Windows 10، Server 2016، وما قبلها التحديثات الأمنية: Microsoft أصلحت الثغرة في مارس 2025 حدّث نظامك الآن لحماية بياناتك! https://t.co/GOZpjOmqn7
@mjbtechtips
12 Mar 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/IC5Y4cLVn9 https://t.co/rx1J8mhJit
@Trej0Jass
12 Mar 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A newly patched Windows vulnerability (CVE-2025-24983) has been exploited since March 2023, affecting older systems like Windows 8.1 & Server 2012 R2. Update now! 🔒🖥️ #WindowsPatch #CyberThreats #USA link: https://t.co/DKriDkJiij https://t.co/lYIW0GLwNP
@TweetThreatNews
12 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/DICKOo36oF https://t.co/QSVFeLKsqy
@Art_Capella
12 Mar 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/Uw6ZamXizW https://t.co/9SAb6FL3MD
@pcasano
12 Mar 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Microsoft warns: 6 zero-days under active attack! 🔹 Key threats: CVE-2025-24985 & CVE-2025-24993 – File system flaws allowing remote code execution CVE-2025-24983 – A Win32k zero-day used in the wild with PipeMagic malware CVE-2025-26633 – Security bypass flaw in Microso
@dysafhackx
12 Mar 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) https://t.co/PmXIGZ0YCH https://t.co/dYxmBzG6JE
@NickBla41002745
12 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。 🛡️No.1295 CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability ============= CVSSスコア:7.0 (Base) / Microsoft Corporation CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H… https://t.co/5ykGQpfUCf
@piyokango
12 Mar 2025
4609 Impressions
2 Retweets
10 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24983
@transilienceai
11 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "6997DE6E-CBAD-4690-A68C-8F10E477DCC2",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "3CBCF6D9-5085-473C-82F5-98BC246A9C4C",
"versionEndExcluding": "10.0.10240.20947"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0CF0E174-4692-4AA3-B72E-12E73A1BDBE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "340EF5F8-D4F5-4AD8-9D80-1DEC2F376BE5",
"versionEndExcluding": "10.0.14393.7876"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7610CDB-A02B-4C62-B17F-6DCE2B3DE4F0",
"versionEndExcluding": "10.0.14393.7876"
}
],
"operator": "OR"
}
]
}
]