Cyber Resilience

CVE-2025-49724

High

Published: 08 July 2025

Published
08 July 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0126 79.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-49724 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 20.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Deeper analysis

The vulnerability CVE-2025-49724 is a use-after-free condition, identified as CWE-416, in the Windows Connected Devices Platform Service. It received a CVSS 3.1 base score of 8.8 reflecting network attack vector, low attack complexity, no required privileges, and required user interaction, with high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can trigger the flaw over a network to achieve arbitrary code execution on the affected Windows system.

Mitigation guidance is available in the Microsoft advisory published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49724. The EPSS score remains low, with a recorded peak of 0.0192 and current value of 0.0126.

EU & UK References

Vulnerability details

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Use-after-free RCE in client Windows service with network vector and required user interaction directly maps to client-side exploitation for code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-32157Same product: Microsoft Windows 10 1809
CVE-2025-21367Same product: Microsoft Windows 10 1809
CVE-2026-20923Same product: Microsoft Windows 10 1809
CVE-2025-62221Same product: Microsoft Windows 10 1809
CVE-2026-20865Same product: Microsoft Windows 10 1809
CVE-2025-21239Same product: Microsoft Windows 10 1809
CVE-2026-40415Same product: Microsoft Windows 10 1809
CVE-2026-24292Same product: Microsoft Windows 10 1809
CVE-2026-33835Same product: Microsoft Windows 10 1809
CVE-2026-32078Same product: Microsoft Windows 10 1809

Affected Assets

microsoft
windows 10 1809
≤ 10.0.17763.7558 · ≤ 10.0.17763.7558
microsoft
windows 10 21h2
≤ 10.0.19044.6093
microsoft
windows 10 22h2
≤ 10.0.19045.6093
microsoft
windows 11 22h2
≤ 10.0.22621.5624
microsoft
windows 11 23h2
≤ 10.0.22631.5624
microsoft
windows 11 24h2
≤ 10.0.26100.4652
microsoft
windows server 2019
≤ 10.0.17763.7558
microsoft
windows server 2022
≤ 10.0.20348.3932
microsoft
windows server 2022 23h2
≤ 10.0.25398.1732
microsoft
windows server 2025
≤ 10.0.26100.4652

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely installation of Microsoft patches directly remediates the use-after-free vulnerability in Windows Connected Devices Platform Service.

prevent

Memory protection safeguards like DEP and ASLR prevent successful arbitrary code execution from use-after-free exploits.

preventdetect

Malicious code protection mechanisms block or detect the malicious content used to trigger remote exploitation of the vulnerability.

References