CVE-2025-24076
Published: 11 March 2025
Summary
CVE-2025-24076 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 11.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
The vulnerability CVE-2025-24076 stems from improper access control in the Windows Cross Device Service, which permits an authorized attacker to elevate privileges locally. It is tracked under CWE-284 and received a CVSS 3.1 score of 7.3 reflecting local attack vector, low complexity, low privileges, and required user interaction that can still result in high impact to confidentiality, integrity, and availability.
An attacker already present on the system with limited authorization can leverage the flaw to obtain higher privileges, thereby gaining broad control over the affected Windows installation.
The Microsoft Security Response Center advisory published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24076 supplies official details on patches and mitigation steps. The associated EPSS score has remained flat at 0.0396 with no material rise observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6325
Vulnerability details
Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a local privilege escalation vulnerability via improper access control in a Windows service, directly mapping to exploitation for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces approved authorizations for access to system resources, countering the improper access control flaw in Windows Cross Device Service that enables local privilege escalation.
Applies least privilege principle to restrict low-privilege local attackers from gaining elevated access through the vulnerable service.
Mandates timely identification, reporting, and correction of the specific access control flaw, preventing exploitation via patching as recommended by MSRC.