CVE-2025-24066
Published: 11 March 2025
Summary
CVE-2025-24066 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 1607. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 34.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of known flaws like this heap-based buffer overflow in Windows kernel-mode drivers via vendor patches.
Implements memory protection features such as DEP and ASLR to block exploitation of heap buffer overflows for privilege escalation.
Enforces least privilege to restrict the initial privileges of local low-privilege attackers, limiting escalation opportunities.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap-based buffer overflow in Windows kernel-mode drivers enables local privilege escalation from low-privileged context to kernel-level access, directly mapping to T1068 Exploitation for Privilege Escalation.
NVD Description
Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
Deeper analysisAI
CVE-2025-24066, published on 2025-03-11, is a heap-based buffer overflow vulnerability (CWE-122) affecting Windows Kernel-Mode Drivers. Assigned a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it enables an authorized attacker to elevate privileges locally through improper bounds checking in kernel-mode components.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction required. Exploitation occurs via a heap-based buffer overflow, allowing the attacker to achieve high impacts on confidentiality, integrity, and availability, typically resulting in full privilege escalation from a standard user context to kernel-level access.
Microsoft's security update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24066 details available patches and recommended mitigations for addressing this vulnerability.
Details
- CWE(s)