CVE-2025-49687
Published: 08 July 2025
Summary
CVE-2025-49687 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 35.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Timely identification, reporting, and correction of the out-of-bounds read flaw in Microsoft IME via vendor patches directly prevents exploitation of CVE-2025-49687.
Memory protection mechanisms such as DEP, ASLR, and stack canaries mitigate unauthorized memory access from the IME out-of-bounds read, hindering privilege escalation.
Enforcing least privilege limits the scope and impact of local low-privileged attackers exploiting the IME vulnerability for privilege escalation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct local privilege escalation via OOB read in IME component.
NVD Description
Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
Deeper analysis
CVE-2025-49687 is an out-of-bounds read vulnerability (CWE-125) affecting the Microsoft Input Method Editor (IME). Published on 2025-07-08, it carries a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact with relatively low barriers to exploitation.
A local attacker with low privileges (PR:L) can exploit this vulnerability through local access (AV:L) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables privilege escalation, resulting in high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) along with a change in scope (S:C), potentially allowing the attacker to gain elevated control over the affected system.
Mitigation details and patches are outlined in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49687. Security practitioners should consult this resource for specific remediation steps.
Details
- CWE(s)