Cyber Posture

CVE-2025-24076

HighLPE

Published: 11 March 2025

Published
11 March 2025
Modified
07 July 2025
KEV Added
Patch
CVSS Score 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0295 86.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24076 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 13.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Directly enforces approved authorizations for access to system resources, countering the improper access control flaw in Windows Cross Device Service that enables local privilege escalation.

AC-6 Least Privilege good match
prevent

Applies least privilege principle to restrict low-privilege local attackers from gaining elevated access through the vulnerable service.

SI-2 Flaw Remediation good match
prevent

Mandates timely identification, reporting, and correction of the specific access control flaw, preventing exploitation via patching as recommended by MSRC.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

The CVE describes a local privilege escalation vulnerability via improper access control in a Windows service, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Deeper analysisAI

CVE-2025-24076 is an improper access control vulnerability in the Windows Cross Device Service that allows an authorized attacker to elevate privileges locally. Published on 2025-03-11, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-284: Improper Access Control.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) but requires user interaction (UI:R), such as tricking the user into performing a specific action. Successful exploitation enables privilege escalation without changing scope (S:U), resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H).

The Microsoft Security Response Center provides an update guide for this vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24076, which details patches and mitigation recommendations.

Details

CWE(s)
CWE-284

Affected Products

microsoft
windows 11 22h2
≤ 10.0.22621.5039
microsoft
windows 11 23h2
≤ 10.0.22631.5039
microsoft
windows 11 24h2
≤ 10.0.26100.3403
microsoft
windows server 2022 23h2
≤ 10.0.25398.1486
microsoft
windows server 2025
≤ 10.0.26100.3403

CVEs Like This One

CVE-2025-24994Same product: Microsoft Windows 11 22H2
CVE-2025-21293Same product: Microsoft Windows 11 22H2
CVE-2025-24084Same product: Microsoft Windows 11 22H2
CVE-2025-21359Same product: Microsoft Windows 11 22H2
CVE-2026-24290Same product: Microsoft Windows 11 23H2
CVE-2025-59230Same product: Microsoft Windows 11 22H2
CVE-2026-21238Same product: Microsoft Windows 11 23H2
CVE-2026-27914Same product: Microsoft Windows 11 23H2
CVE-2026-20843Same product: Microsoft Windows 11 23H2
CVE-2026-25176Same product: Microsoft Windows 11 23H2

References