CVE-2025-24994
Published Mar 11, 2025
Last updated 2 months ago
AI description
CVE-2025-24994 is a vulnerability found in the Windows Cross Device Service. It stems from improper access control, which could allow an attacker with authorization to elevate their privileges on a local system. The vulnerability was published on March 11, 2025. Microsoft is listed as the assigning CNA (CVE Numbering Authority).
- Description
- Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 7.3
- Impact score
- 5.9
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-284
- Hype score
- Not currently trending
Windows 11 Privilege Escalation Flaws Uncovered: CVE-2025-24076 and CVE-2025-24994 https://t.co/m3mH19iwWW
@samilaiho
16 Apr 2025
1035 Impressions
4 Retweets
14 Likes
5 Bookmarks
0 Replies
0 Quotes
Windowsの権限昇格脆弱性CVE-2025-24076及びCVE-2025-24994について。Compass Security社報告。前者はDLLハイジャック。300ミリ秒しか成立タイミングが無かったため、Opportunistic Lockで実行を止め、DetoursライブラリでGetFileVersionInfoExWをインターセプトし書き換え。 https://t.co/g6kkX8FnAR
@__kokumoto
16 Apr 2025
721 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
Windows 11 Privilege Escalation Flaws Uncovered: CVE-2025-24076 and CVE-2025-24994 https://t.co/dUlwa4walR
@Dinosn
16 Apr 2025
1635 Impressions
6 Retweets
18 Likes
9 Bookmarks
0 Replies
0 Quotes
3 milliseconds to admin — Our analyst John Ostrowski turned a DLL hijacking into a reliable local privilege escalation on Windows 11. He chained opportunistic locks, and API hooking to win the race to CVE-2025-24076 & CVE-2025-24994. Read his blog post: https://t.co/UfN6cBazI
@compasssecurity
15 Apr 2025
6490 Impressions
38 Retweets
121 Likes
76 Bookmarks
2 Replies
0 Quotes