CVE-2025-24987 is a vulnerability classified as CWE-125 (Out-of-bounds Read) found in the Windows USB Video Driver component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw arises when the driver improperly handles memory boundaries during USB video device interactions, allowing an attacker with authorized access and physical proximity to the device to read memory beyond allocated buffers. This out-of-bounds read can lead to elevation of privileges by corrupting or leaking sensitive kernel memory, enabling the attacker to execute code with higher privileges than initially granted. The attack vector requires physical access to the machine, but no user interaction is needed once access is obtained. The vulnerability affects confidentiality, integrity, and availability of the system, as it can lead to unauthorized access and control over the affected device. The CVSS v3.1 score is 6.6, indicating medium severity, with attack vector being physical (AV:P), low attack complexity (AC:L), and requiring low privileges (PR:L). No known exploits have been reported in the wild, and no official patches have been released at the time of publication. The vulnerability is particularly relevant for environments where legacy Windows 10 1809 systems remain in use, especially in sectors requiring high security such as government, finance, and critical infrastructure. The lack of patches necessitates immediate mitigation strategies to reduce risk.

For European organizations, this vulnerability poses a significant risk primarily in environments where Windows 10 Version 1809 is still operational, such as legacy systems in industrial control, healthcare, and government sectors. The ability for an attacker with physical access to elevate privileges could lead to unauthorized access to sensitive data, disruption of services, or full system compromise. This is especially critical in organizations with high-value assets or sensitive information. The physical access requirement limits remote exploitation but does not eliminate risk in scenarios such as insider threats, supply chain attacks, or environments with less stringent physical security controls. The impact on confidentiality, integrity, and availability is high if exploited, potentially leading to data breaches, operational downtime, or further lateral movement within networks.

1. Upgrade affected systems to a supported and patched version of Windows, preferably Windows 10 versions later than 1809 or Windows 11, as soon as possible. 2. Implement strict physical security controls to prevent unauthorized access to devices, including secure facilities and locked hardware. 3. Disable or restrict USB ports where possible, especially on systems handling sensitive data, to reduce attack surface. 4. Employ endpoint security solutions capable of detecting anomalous device driver behavior or privilege escalation attempts. 5. Conduct regular audits of legacy systems and develop a phased plan to retire unsupported operating systems. 6. Educate staff on the risks of physical device access and enforce policies regarding device handling and access control. 7. Monitor system logs for unusual activity indicative of privilege escalation or device driver exploitation attempts.