CVE-2025-49724
Published: 08 July 2025
Summary
CVE-2025-49724 is a high-severity use-after-free (CWE-416) vulnerability in the Windows Connected Devices Platform Service; the affected product recorded here is Microsoft Windows 10 1809. Its CVSS 3.1 base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Client Execution (T1203). Its EPSS score places it in the top 20.2% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-49724 is a use-after-free condition (CWE-416) in the Windows Connected Devices Platform Service. It received a CVSS 3.1 base score of 8.8 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): network attack vector, low attack complexity, no privileges required, user interaction required, scope unchanged, and high impact on confidentiality, integrity, and availability.
An unauthenticated remote attacker can trigger the flaw over a network and achieve arbitrary code execution on the affected Windows system, but only after the victim takes some action (the UI:R metric); this is a client-side exploitation scenario rather than a fully unattended remote exploit.
Mitigation guidance is available in the Microsoft advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49724. The EPSS score remains low: a recorded peak of 0.0192 and a current value of 0.0126, i.e. an estimated probability of exploitation activity in the next 30 days of roughly 1.3%.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20548
Vulnerability details
Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A use-after-free RCE in a client-side Windows service that is reachable over the network but requires user interaction maps directly to Exploitation for Client Execution (T1203): the attacker delivers content that the victim opens or interacts with, and the memory-safety flaw turns that interaction into code execution.
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): timely installation of the Microsoft update for this CVE removes the use-after-free in the Windows Connected Devices Platform Service. It is the only control here that actually fixes the flaw.
SI-16 (Memory Protection): DEP, ASLR and related exploit mitigations do not stop the dangling pointer from being dereferenced, but they raise the cost of turning it into reliable arbitrary code execution. Treat them as hardening that buys time, not as a substitute for the patch.
SI-3 (Malicious Code Protection): endpoint anti-malware can block or detect the malicious content an attacker delivers to trigger the vulnerability, and the payload dropped after a successful exploit.
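The following PowerShell script is an added example, not code from this page or from Microsoft. It checks a Windows host for the controls listed above: SI-2 (has any update been installed since the advisory date?), exposure (is the affected service present and running?) and SI-16 (the system-wide DEP/ASLR/CFG state reported by Exploit Protection). Two things are assumptions not stated on the page: that the Connected Devices Platform Service is registered as `CDPSvc` with per-user instances named `CDPUserSvc_<suffix>`, and that the fix ships in a cumulative update installed on or after 2025-07-08. The page gives no KB number, so none is hard-coded.

```powershell
# Added example (not from the advisory page or Microsoft): inventory the
# controls this page names for CVE-2025-49724 on a Windows host.
# Assumptions, labelled:
#   - the Connected Devices Platform Service is registered as 'CDPSvc', with
#     per-user instances named 'CDPUserSvc_<suffix>';
#   - the fix ships in a cumulative update installed on or after 2025-07-08;
#     no KB number is given on the page, so none is hard-coded here.
# Run from an elevated PowerShell 5.1+ session.

$AdvisoryDate = Get-Date '2025-07-08'

function Get-PatchState {
    # SI-2: OS build plus any hotfix installed on or after the advisory date.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $since = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $AdvisoryDate } |
        Sort-Object InstalledOn -Descending
    [pscustomobject]@{
        Caption              = $os.Caption
        Build                = $os.BuildNumber
        UpdatesSinceAdvisory = @($since | ForEach-Object { $_.HotFixID })
        LikelyRemediated     = [bool]$since   # confirm against the KB in the MSRC advisory
    }
}

function Get-CdpServiceState {
    # Exposure: service names are an assumption (see header); adjust if they differ.
    Get-Service |
        Where-Object { $_.Name -eq 'CDPSvc' -or $_.Name -like 'CDPUserSvc*' } |
        Select-Object Name, Status, StartType
}

function Get-MemoryProtectionState {
    # SI-16: Get-ProcessMitigation is in the ProcessMitigations module shipped
    # with Windows 10 1709 and later; -System reads the machine-wide defaults.
    $m = Get-ProcessMitigation -System
    [pscustomobject]@{
        DEP                = $m.DEP.Enable
        ASLR_BottomUp      = $m.ASLR.BottomUp
        ASLR_ForceRelocate = $m.ASLR.ForceRelocateImages
        ASLR_HighEntropy   = $m.ASLR.HighEntropy
        CFG                = $m.CFG.Enable
    }
}

Get-PatchState            | Format-List
Get-CdpServiceState       | Format-Table -AutoSize
Get-MemoryProtectionState | Format-List
```

Two caveats when reading the output. `Get-HotFix` reads `Win32_QuickFixEngineering`, which does not list every update, so `LikelyRemediated` is a prompt to cross-check the KB for your build in the MSRC advisory, not proof of remediation. A value of `NOTSET` from `Get-ProcessMitigation` means no explicit system-wide override is configured and the platform default applies; `OFF` is the value that should actually prompt a change.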