CVE-2025-26648 | THREATINT

Description

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-02-12 | Published 2025-04-08 | Updated 2026-02-13 | Assigner microsoft

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-591: Sensitive Data Storage in Improperly Locked Memory

CWE-416: Use After Free

Product status

10.0.10240.0 (custom) before 10.0.10240.20978

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.19044.0 (custom) before 10.0.19044.5737

affected

10.0.19045.0 (custom) before 10.0.19045.5737

affected

10.0.22621.0 (custom) before 10.0.22621.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.22631.0 (custom) before 10.0.22631.5189

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

6.1.7601.0 (custom) before 6.1.7601.27670

affected

6.1.7601.0 (custom) before 6.1.7601.27670

affected

6.2.9200.0 (custom) before 6.2.9200.25423

affected

6.2.9200.0 (custom) before 6.2.9200.25423

affected

6.3.9600.0 (custom) before 6.3.9600.22523

affected

6.3.9600.0 (custom) before 6.3.9600.22523

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.14393.0 (custom) before 10.0.14393.7969

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.17763.0 (custom) before 10.0.17763.7136

affected

10.0.20348.0 (custom) before 10.0.20348.3453

affected

10.0.25398.0 (custom) before 10.0.25398.1551

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

10.0.26100.0 (custom) before 10.0.26100.3775

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26648 (Windows Kernel Elevation of Privilege Vulnerability) vendor-advisory patch

cve.org (CVE-2025-26648)

nvd.nist.gov (CVE-2025-26648)

Download JSON