Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2025-48819

Опубликовано: 08 июл. 2025
Источник: msrc
CVSS3: 7.1
EPSS Низкий

Описание

Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?

An authenticated attacker could exploit this vulnerability with LAN access.

Обновления

ПродуктСтатьяОбновление
Windows Server 2008 for 32-bit Systems Service Pack 2
50626245062618
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2
50626245062618
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
50626245062618
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
50626325062619
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1
50626325062619
Monthly RollupSecurity Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
50626245062618
Monthly RollupSecurity Only
Windows Server 2012
5062592
Monthly Rollup
Windows Server 2012 (Server Core installation)
5062592
Monthly Rollup
Windows Server 2012 R2
5062597
Monthly Rollup
Windows Server 2012 R2 (Server Core installation)
5062597
Monthly Rollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 47%
0.0024
Низкий

7.1 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-48819

CVSS3: 7.1
nvd
9 дней назад

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

github логотип

GHSA-27hj-x243-69pr

CVSS3: 7.1
github
9 дней назад

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

EPSS

Процентиль: 47%
0.0024
Низкий

7.1 High

CVSS3