Cyber Resilience

CVE-2025-49687

High

Published: 08 July 2025

Published
08 July 2025
Modified
15 July 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0061 70.2th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-49687 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 29.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-49687 is an out-of-bounds read vulnerability (CWE-125) affecting the Microsoft Input Method Editor (IME). Published on 2025-07-08, it carries a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact with relatively low barriers to exploitation.

A local attacker with low privileges (PR:L) can exploit this vulnerability through local access (AV:L) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables privilege escalation, resulting in high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) along with a change in scope (S:C), potentially allowing the attacker to gain elevated control over the affected system.

Mitigation details and patches are outlined in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49687. Security practitioners should consult this resource for specific remediation steps.

EU & UK References

Vulnerability details

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via OOB read in IME component.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-48822Same product: Microsoft Windows 10 1607
CVE-2026-25174Same product: Microsoft Windows 10 1607
CVE-2026-23673Same product: Microsoft Windows 10 1607
CVE-2026-23672Same product: Microsoft Windows 10 1607
CVE-2026-25175Same product: Microsoft Windows 10 1607
CVE-2025-24059Same product: Microsoft Windows 10 1507
CVE-2025-24050Same product: Microsoft Windows 10 1607
CVE-2026-26153Same product: Microsoft Windows 10 1809
CVE-2025-24048Same product: Microsoft Windows 10 1607
CVE-2025-21420Same product: Microsoft Windows 10 1507

Affected Assets

microsoft
windows 10 1507
≤ 10.0.10240.21073 · ≤ 10.0.10240.21073
microsoft
windows 10 1607
≤ 10.0.14393.8246 · ≤ 10.0.14393.8246
microsoft
windows 10 1809
≤ 10.0.17763.7558 · ≤ 10.0.17763.7558
microsoft
windows 10 21h2
≤ 10.0.19044.6093
microsoft
windows 10 22h2
≤ 10.0.19045.6093
microsoft
windows 11 22h2
≤ 10.0.22621.5624
microsoft
windows 11 23h2
≤ 10.0.22631.5624
microsoft
windows 11 24h2
≤ 10.0.26100.4652
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
≤ 10.0.14393.8246
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely identification, reporting, and correction of the out-of-bounds read flaw in Microsoft IME via vendor patches directly prevents exploitation of CVE-2025-49687.

prevent

Memory protection mechanisms such as DEP, ASLR, and stack canaries mitigate unauthorized memory access from the IME out-of-bounds read, hindering privilege escalation.

prevent

Enforcing least privilege limits the scope and impact of local low-privileged attackers exploiting the IME vulnerability for privilege escalation.

References