CVE-2025-26639
Published: 08 April 2025
Summary
CVE-2025-26639 is a high-severity local privilege-escalation vulnerability in the Windows USB Print Driver on Microsoft Windows 11 22H2. It is classified as an integer overflow or wraparound (CWE-190) that leads to a heap-based buffer overflow (CWE-122). Its CVSS 3.1 base score is 7.8 (High).
Operationally, it ranks in the top 15% of CVEs by EPSS exploit likelihood, but it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Deeper analysis
CVE-2025-26639 is an integer overflow or wraparound vulnerability in the Windows USB Print Driver, classified under CWE-190 (Integer Overflow or Wraparound) and CWE-122 (Heap-based Buffer Overflow): a size computation wraps, the resulting allocation is too small, and a subsequent write overruns the heap buffer. The flaw carries a CVSS 3.1 base score of 7.8 and permits an authorized local attacker to elevate privileges on an affected system.
An attacker who already holds a valid local account can exploit the issue without any user interaction to gain elevated rights, potentially obtaining full control of the host. The attack vector is local only, attack complexity is low, and the victim does not need to perform any action.
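To make the CWE-190 to CWE-122 chain concrete, the following is an added, generic example written for this page. It is not code from the Windows USB Print Driver, and the request layout, field names, the MAX_REQUEST_BYTES cap and the inputs are all assumptions: a caller-controlled element count and element size are multiplied in 32 bits, the product wraps, and the copy that follows trusts the original count. The hardened functions show the overflow-checked multiply and the cap that a driver should apply before allocating.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative cap on a single request (assumed value, not from the advisory). */
#define MAX_REQUEST_BYTES (1u << 20)

/* Vulnerable pattern (CWE-190): the product of two caller-controlled 32-bit
 * fields is computed in 32 bits and wraps modulo 2^32, so the allocation
 * can be far smaller than the data that is later copied into it. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size)
{
    return count * elem_size; /* unsigned wrap is well-defined, and silent */
}

/* Hardened version: reject zero fields, detect the wraparound with the
 * compiler's overflow-checked multiply, and cap at a sane maximum.
 * Returns the byte count, or -1 if the request must be refused. */
int64_t alloc_size_checked(uint32_t count, uint32_t elem_size)
{
    uint32_t total;
    if (count == 0 || elem_size == 0)
        return -1;
    if (__builtin_mul_overflow(count, elem_size, &total))
        return -1;
    if (total > MAX_REQUEST_BYTES)
        return -1;
    return (int64_t)total;
}

/* Models the downstream damage (CWE-122) without performing the write:
 * the copy loop trusts `count`, so it writes count*elem_size bytes into a
 * buffer sized by alloc_size_unchecked(). Returns bytes written past the end. */
uint64_t heap_overrun_bytes(uint32_t count, uint32_t elem_size)
{
    uint64_t needed = (uint64_t)count * elem_size;
    uint64_t allocated = alloc_size_unchecked(count, elem_size);
    return needed > allocated ? needed - allocated : 0;
}

/* Hardened request handler: allocates only after the size survives the check.
 * Returns true if the request was processed, false if it was refused. */
bool handle_request(uint32_t count, uint32_t elem_size)
{
    int64_t bytes = alloc_size_checked(count, elem_size);
    if (bytes < 0)
        return false;
    uint8_t *buf = calloc(1, (size_t)bytes);
    if (!buf)
        return false;
    /* Copy of `count` elements of `elem_size` bytes now provably fits. */
    memset(buf, 0x41, (size_t)bytes);
    free(buf);
    return true;
}

int main(void)
{
    /* Constructed inputs: a benign request and a hostile one chosen so that
     * 0x40000001 * 4 = 0x100000004, which wraps to 4 in 32 bits. */
    uint32_t hostile_count = 0x40000001u, hostile_size = 4;

    printf("benign : unchecked=%u checked=%lld\n",
           alloc_size_unchecked(16, 64), (long long)alloc_size_checked(16, 64));
    printf("hostile: unchecked=%u checked=%lld overrun=%llu bytes\n",
           alloc_size_unchecked(hostile_count, hostile_size),
           (long long)alloc_size_checked(hostile_count, hostile_size),
           (unsigned long long)heap_overrun_bytes(hostile_count, hostile_size));
    printf("hardened handler accepts benign: %d, accepts hostile: %d\n",
           handle_request(16, 64), handle_request(hostile_count, hostile_size));
    return 0;
}
```

The hostile request allocates 4 bytes while the copy loop believes it has 4 GiB to write, which is the heap overflow that CWE-122 describes; in kernel mode that overrun is what an attacker turns into privilege escalation. In real driver code the equivalent of alloc_size_checked would be RtlSizeTMult or a similar checked-arithmetic helper, and the cap should reflect the largest request the device can legitimately need.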
Microsoft’s advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26639 provides official guidance on available patches and mitigations for the affected Windows versions.
The EPSS score remains low at 0.0225 (roughly a 2% estimated probability of exploitation activity within the next 30 days), with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-10229
Vulnerability details
Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
- CWE-190: Integer Overflow or Wraparound
- CWE-122: Heap-based Buffer Overflow
Related Threats
No named threat actor has been attributed to this CVE. ATT&CK technique mapping is still in progress; a local privilege escalation of this kind corresponds to T1068 (Exploitation for Privilege Escalation).
Affected Assets
- Microsoft Windows 11 22H2 (per the summary above; consult the MSRC advisory for the full list of affected builds)
Mitigating Controls
No mitigating controls have been mapped to this CVE yet. Apply the security update listed in Microsoft's advisory above. Because the attack vector is local and requires a valid account, restricting interactive and remote logon to affected hosts by untrusted users reduces exposure until the update is deployed.