Cyber Resilience

CVE-2025-24076

HighLPE

Published: 11 March 2025

Published
11 March 2025
Modified
07 July 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0396 88.6th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24076 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 11.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The vulnerability CVE-2025-24076 stems from improper access control in the Windows Cross Device Service, which permits an authorized attacker to elevate privileges locally. It is tracked under CWE-284 and received a CVSS 3.1 score of 7.3 reflecting local attack vector, low complexity, low privileges, and required user interaction that can still result in high impact to confidentiality, integrity, and availability.

An attacker already present on the system with limited authorization can leverage the flaw to obtain higher privileges, thereby gaining broad control over the affected Windows installation.

The Microsoft Security Response Center advisory published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24076 supplies official details on patches and mitigation steps. The associated EPSS score has remained flat at 0.0396 with no material rise observed after disclosure.

EU & UK References

Vulnerability details

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a local privilege escalation vulnerability via improper access control in a Windows service, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24994Same product: Microsoft Windows 11 22H2
CVE-2025-21293Same product: Microsoft Windows 11 22H2
CVE-2025-24084Same product: Microsoft Windows 11 22H2
CVE-2025-21359Same product: Microsoft Windows 11 22H2
CVE-2026-24290Same product: Microsoft Windows 11 23H2
CVE-2025-59230Same product: Microsoft Windows 11 22H2
CVE-2026-21238Same product: Microsoft Windows 11 23H2
CVE-2026-33834Same product: Microsoft Windows 11 23H2
CVE-2026-25176Same product: Microsoft Windows 11 23H2
CVE-2026-27914Same product: Microsoft Windows 11 23H2

Affected Assets

microsoft
windows 11 22h2
≤ 10.0.22621.5039
microsoft
windows 11 23h2
≤ 10.0.22631.5039
microsoft
windows 11 24h2
≤ 10.0.26100.3403
microsoft
windows server 2022 23h2
≤ 10.0.25398.1486
microsoft
windows server 2025
≤ 10.0.26100.3403

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations for access to system resources, countering the improper access control flaw in Windows Cross Device Service that enables local privilege escalation.

prevent

Applies least privilege principle to restrict low-privilege local attackers from gaining elevated access through the vulnerable service.

prevent

Mandates timely identification, reporting, and correction of the specific access control flaw, preventing exploitation via patching as recommended by MSRC.

References