CVE-2025-24988 is a security vulnerability identified in the Microsoft Windows 10 Version 1809 operating system, specifically affecting the Windows USB Video Driver. The vulnerability is classified as an out-of-bounds read (CWE-125), which occurs when the software reads data outside the boundaries of allocated memory. This flaw can be exploited by an authorized attacker with physical access to the affected system to elevate their privileges. The attack vector requires physical access (AV:P), but the attack complexity is low (AC:L), and the attacker must have low-level privileges (PR:L) on the system. No user interaction is required (UI:N) for exploitation. The vulnerability impacts confidentiality, integrity, and availability, all rated as high (C:H/I:H/A:H) in the CVSS vector. The scope remains unchanged (S:U), meaning the vulnerability affects resources managed by the same security authority. The vulnerability has been assigned a CVSS v3.1 base score of 6.6, indicating a medium severity level. Although no known exploits are currently reported in the wild, the vulnerability presents a significant risk due to the potential for privilege escalation through physical access, which could allow an attacker to gain higher system privileges and potentially compromise the system further. The lack of available patches at the time of publication increases the urgency for mitigation. This vulnerability is particularly relevant for environments where Windows 10 Version 1809 is still in use and where physical security may be less stringent, such as shared or public workstations.

For European organizations, this vulnerability poses a moderate risk primarily in scenarios where physical access to devices running Windows 10 Version 1809 is possible. Organizations with legacy systems or those that have not upgraded beyond this Windows version are at risk. Successful exploitation could lead to privilege escalation, enabling attackers to bypass security controls, access sensitive data, or disrupt system operations. This could impact confidentiality, integrity, and availability of critical information systems. Sectors such as government, finance, healthcare, and critical infrastructure, which often handle sensitive data and may have legacy systems, could face increased risk. Additionally, organizations with shared work environments or public access terminals are vulnerable to physical attacks exploiting this flaw. The medium severity rating suggests that while the vulnerability is serious, it requires specific conditions (physical access and existing low-level privileges) to be exploited, somewhat limiting its widespread impact. However, the potential for high-impact consequences necessitates proactive measures to mitigate risk.

European organizations should prioritize upgrading systems from Windows 10 Version 1809 to a more recent, supported Windows version where this vulnerability is addressed. Until upgrades are feasible, strict physical security controls must be enforced to prevent unauthorized physical access to devices, including secure storage, access logging, and surveillance. Implementing endpoint security solutions that monitor for unusual privilege escalation attempts can help detect exploitation attempts. Organizations should also review and tighten user privilege assignments to minimize the number of users with low-level privileges that could be leveraged for exploitation. Regular audits of device inventory to identify systems running the affected version are critical. Since no patches are currently available, organizations should monitor Microsoft security advisories for updates and apply patches promptly once released. Additionally, disabling or restricting use of USB video devices where not necessary can reduce the attack surface. Employing full disk encryption can mitigate data confidentiality risks in case of physical device compromise.