CVE-2025-24987 is a vulnerability classified as CWE-125 (Out-of-bounds Read) found in the Windows USB Video Driver component of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). This vulnerability arises when the driver improperly handles memory boundaries, allowing an attacker with authorized access and physical proximity to the device to read memory outside the intended buffer. This out-of-bounds read can lead to elevation of privileges by corrupting or leaking sensitive data, enabling the attacker to execute code with higher privileges than initially granted. The vulnerability does not require user interaction but does require the attacker to have some level of access to the system and physical presence to exploit the USB video driver. The CVSS 3.1 base score is 6.6, indicating a medium severity level, with attack vector being physical (AV:P), low attack complexity (AC:L), and privileges required (PR:L). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No known exploits have been reported in the wild, and no patches have been linked yet. The vulnerability was reserved on January 30, 2025, and published on March 11, 2025. Given the affected product is an early Windows 10 version, which is largely out of mainstream support, many systems may remain unpatched, increasing risk in environments where legacy systems persist.

For European organizations, the impact of CVE-2025-24987 is significant primarily in environments where Windows 10 Version 1507 is still in use, especially in sectors with high physical device exposure such as manufacturing, healthcare, education, and public institutions. The vulnerability allows an attacker with physical access and some privileges to escalate their rights, potentially leading to full system compromise. This can result in unauthorized data access, disruption of critical services, and potential lateral movement within networks. Confidentiality is at risk due to possible memory leaks; integrity and availability are also threatened by potential code execution and system instability. Although the attack requires physical access, environments with shared workstations, kiosks, or poorly secured devices are particularly vulnerable. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. Legacy systems in European countries with slower upgrade cycles or budget constraints are more exposed, increasing the risk to critical infrastructure and sensitive data.

1. Upgrade all affected systems from Windows 10 Version 1507 to a supported and fully patched Windows version to eliminate the vulnerability. 2. Implement strict physical security controls to prevent unauthorized physical access to devices, including secure areas, locked rooms, and surveillance. 3. Restrict USB device usage through group policies or endpoint security solutions to limit exposure to USB driver vulnerabilities. 4. Employ device control software to monitor and block unauthorized USB devices and drivers. 5. Regularly audit and monitor system logs for unusual privilege escalation attempts or driver-related errors. 6. Use application whitelisting and endpoint detection and response (EDR) tools to detect anomalous behavior indicative of exploitation attempts. 7. Educate users and administrators about the risks of legacy systems and the importance of timely upgrades and physical security. 8. If upgrading immediately is not feasible, isolate legacy systems from critical networks and sensitive data to reduce impact scope.