CVE-2025-27467:
Local privilege escalation (CWE-416) in Windows Digital Media that can be exploited by an authenticated local user to elevate privileges on affected Windows 10/11 and Windows Server platforms via a use-after-free flaw (CVE-2025-27467).
Score
A numerical rating that indicates how dangerous this vulnerability is.
7.8High- Published Date:Apr 8, 2025
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:0.4
- EPSS Percentile:62%
Exploitability
- Score:1.8
- Attack Vector:LOCAL
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
Local privilege escalation (CWE-416) in Windows Digital Media that can be exploited by an authenticated local user to elevate privileges on affected Windows 10/11 and Windows Server platforms via a use-after-free flaw (CVE-2025-27467).
Overview
This CVE describes a use-after-free vulnerability in Windows Digital Media that enables a locally authenticated attacker to elevate privileges on affected systems. Classified as CWE-416, the flaw has a high severity with a CVSS v3.1 base score of 7.8. The affected product set spans multiple Windows releases and architectures, including Windows 10, Windows 11, Windows Server 2019/2022/2025, and corresponding server core installations. The exploitation requires local access and does not require user interaction, but it does demand that the attacker have valid logon credentials. Microsoft has provided an advisory and patch guidance to mitigate the risk.
Remediation
- Apply the Microsoft security updates that fix CVE-2025-27467. Deploy the patched builds to all affected endpoints and servers using your standard update channels (Windows Update, WSUS, Intune, or SCCM). Ensure devices are updated to a version where the vulnerability is fixed (post-patch builds as specified by the Microsoft advisory).
- Validate patch deployment. Run inventory and vulnerability management scans to confirm the CVE is no longer present on devices. Reboot systems if the patch requires it.
- Enforce updates in your environment:
- Enable and enforce automatic updates where appropriate.
- For enterprises, use WSUS/Intune/SCCM to push the update broadly and promptly.
- Post-deployment verification:
- Re-scan for CVE-2025-27467 to verify patch effectiveness.
- Monitor for any adverse compatibility issues and address them through standard change management processes.
- If immediate patching is not possible, implement mitigations to reduce exposure:
- Limit local access and accounts with elevated privileges.
- Minimize the use of media-related features or components if feasible in your environment.
- Ensure defenses and monitoring are in place to detect suspicious local privilege escalation activity and respond promptly.
- Monitor Microsoft advisories for any additional guidance, out-of-band fixes, or revised mitigation recommendations.
References
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
