CVE-2025-59191 | THREATINT

Description

Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-09-10 | Published 2025-10-14 | Updated 2025-11-22 | Assigner microsoft

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

10.0.17763.0 (custom) before 10.0.17763.7919

affected

10.0.17763.0 (custom) before 10.0.17763.7919

affected

10.0.17763.0 (custom) before 10.0.17763.7919

affected

10.0.20348.0 (custom) before 10.0.20348.4294

affected

10.0.19044.0 (custom) before 10.0.19044.6456

affected

10.0.22621.0 (custom) before 10.0.22621.6060

affected

10.0.19045.0 (custom) before 10.0.19045.6456

affected

10.0.26100.0 (custom) before 10.0.26100.6899

affected

10.0.22631.0 (custom) before 10.0.22631.6060

affected

10.0.22631.0 (custom) before 10.0.22631.6060

affected

10.0.25398.0 (custom) before 10.0.25398.1913

affected

10.0.26100.0 (custom) before 10.0.26100.6899

affected

10.0.26100.0 (custom) before 10.0.26100.6899

affected

10.0.26200.0 (custom) before 10.0.26200.6899

affected

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59191 (Windows Connected Devices Platform Service Elevation of Privilege Vulnerability) vendor-advisory

Download JSON