PT-2025-28529 · Microsoft · Windows Connected Devices Platform Service+1

He Yisheng

Published

2025-07-08

Updated

2025-09-16

CVE-2025-48000

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Windows Connected Devices Platform Service (affected versions not specified)

Description: The issue is related to a use after free condition in the Windows Connected Devices Platform Service, which allows an authorized attacker to elevate privileges locally. This means an attacker with initial access to the system could potentially gain higher levels of access.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

BDU:2025-08349

CVE-2025-48000

Affected Products

Windows

Windows Connected Devices Platform Service

PT-2025-28529 · Microsoft · Windows Connected Devices Platform Service+1

CVE-2025-48000

Weakness Enumeration

Related Identifiers

Affected Products

References · 9