CVE-2025-53149
Published: 12 August 2025
Summary
CVE-2025-53149 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 10.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2025-53149 is a heap-based buffer overflow vulnerability, tracked under CWE-122, that affects the Kernel Streaming WOW Thunk Service Driver. The flaw carries a CVSS 3.1 score of 7.8 and was published on 12 August 2025.
An attacker who already possesses local access and a low-privileged authorized account can exploit the issue without user interaction to elevate privileges on the host, resulting in high impact to confidentiality, integrity, and availability.
The current EPSS score of 0.0428 has remained flat at its recorded peak, indicating no material increase in observed exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24319
Vulnerability details
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
- CWE(s): CWE-122 (Heap-based Buffer Overflow)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.