PT-2025-10837 · Microsoft · Windows Cross Device Service+1
John Ostrowski
·
Published
2025-03-11
·
Updated
2025-12-02
·
CVE-2025-24994
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to 10.0.22621.0
Description
An improper access control issue exists in the Windows Cross Device Service. This allows an authorized attacker to elevate privileges locally. The issue is an elevation-of-privilege vulnerability that allows attackers to affect the system.
Recommendations
Update Windows to version 10.0.22621.0 or later.
Fix
LPE
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows Cross Device Service