CVE-2025-29838

Опубликовано: 13 мая 2025

Источник: msrc

CVSS3: 7.4

EPSS Низкий

Описание

Windows ExecutionContext Driver Elevation of Privilege Vulnerability

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires a mappable null page.

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Обновления

Продукт	Статья	Обновление
Windows 11 Version 24H2 for ARM64-based Systems	5058411 5058497	Security Update SecurityHotpatchUpdate
Windows 11 Version 24H2 for x64-based Systems	5058411 5058497	Security Update SecurityHotpatchUpdate
Windows Server 2025	5058411 5058497	Security Update SecurityHotpatchUpdate
Windows Server 2025 (Server Core installation)	5058411 5058497	Security Update SecurityHotpatchUpdate

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Unlikely

DOS

N/A

EPSS

Процентиль: 16%

0.00052

Низкий

7.4 High

CVSS3

Связанные уязвимости

CVE-2025-29838

CVSS3: 7.4

nvd

около 1 месяца назад

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

GHSA-gvqh-2pg4-fc8q

CVSS3: 7.4

github

около 1 месяца назад

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.

BDU:2025-05585

CVSS3: 7.4

fstec

около 1 месяца назад

Уязвимость драйверов ExecutionContext Driver операционных систем Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 16%

0.00052

Низкий

7.4 High

CVSS3