CVE-2025-47962: Windows SDK Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2025-Jun

Released

2025-06-10

EPSS Score

0.58% (percentile: 69.1%)

Description

Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.

FAQ

Is there more information that is available on Windows SDK? Yes. Please see: Windows SDK - Windows app development which explains the Windows SDK and advises how to install and maintain the product. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Detection & Weaponization (1 sources)

Maturity: Exploit

• GitHub PoC: 1 repositories

Affected Products (1)

Developer Tools

• Windows SDK

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://x.com/im_whoisthatguy">whoisthatguy</a>, <a href="https://x.com/im_whoisthatguy">whoisthatguy</a>, Naor Hodorov, Kolja Grassmann with <a href="https://neodyme.io/en/">Neodyme AG</a>, Ken Kitahara with LAC Co., Ltd., Ken Kitahara with LAC Co., Ltd., <a href="https://x.com/g3tsyst3m">Robbie Corley</a>, Julian H&#228;rig

Revision History

• 2025-06-10: Information published.