CVE-2025-24084
Published: 11 March 2025
Summary
CVE-2025-24084 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 43.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-24084 is an untrusted pointer dereference vulnerability (CWE-822) in the Windows Subsystem for Linux (WSL). Published on 2025-03-11, it carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The flaw enables an unauthorized attacker to execute arbitrary code locally within the affected WSL component.
A local attacker can exploit this vulnerability with low complexity and no required privileges or user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially allowing full code execution in the context of WSL.
Microsoft's update guide provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6324
Vulnerability details
Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local untrusted pointer dereference enabling arbitrary code execution with no privileges or user interaction required directly maps to exploitation for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of flaws like this untrusted pointer dereference in WSL through patching and security updates.
Implements memory protections such as ASLR and DEP to prevent arbitrary code execution from untrusted pointer dereferences.
Enables vulnerability scanning to identify this WSL untrusted pointer dereference flaw for prioritization and remediation.