CVE-2025-47975 is a high-severity vulnerability identified as a double free condition (CWE-415) in the Windows SSDP (Simple Service Discovery Protocol) Service on Microsoft Windows 10 Version 1809 (build 10.0.17763.0). A double free vulnerability occurs when a program attempts to free a region of memory more than once, which can lead to memory corruption, crashes, or arbitrary code execution. In this case, the flaw exists in the SSDP service, a component responsible for network device discovery using UPnP protocols. The vulnerability allows an authorized local attacker—meaning the attacker must have some level of access to the system—to exploit this double free condition to elevate privileges on the affected machine. The CVSS v3.1 base score is 7.0, indicating a high severity, with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires local access, high attack complexity, low privileges, no user interaction, unchanged scope, and impacts confidentiality, integrity, and availability to a high degree. No known exploits are currently reported in the wild, and no patches or mitigation links have been published yet. The vulnerability was reserved in May 2025 and published in July 2025, indicating it is a recent discovery. The affected version is specifically Windows 10 Version 1809, which is an older Windows 10 release from late 2018, but still in use in some environments. The vulnerability's exploitation could allow attackers to gain elevated privileges, potentially leading to full system compromise, installation of persistent malware, or lateral movement within a network. Given the nature of the SSDP service, which is network-facing, the vulnerability could be leveraged in multi-user or shared environments where local access is possible.

For European organizations, the impact of CVE-2025-47975 can be significant, especially in sectors where legacy Windows 10 Version 1809 systems remain operational, such as manufacturing, healthcare, or government agencies with slower upgrade cycles. Privilege escalation vulnerabilities enable attackers who have limited access to escalate their rights, potentially gaining administrative control over affected systems. This can lead to data breaches, disruption of critical services, and compromise of sensitive information protected under regulations like GDPR. The high impact on confidentiality, integrity, and availability means that attackers could exfiltrate data, alter system configurations, or cause denial of service. Additionally, since the vulnerability affects a core Windows service, exploitation could facilitate the deployment of ransomware or other malware, which has been a persistent threat in Europe. The lack of known exploits in the wild currently reduces immediate risk, but the presence of a public CVE and high severity score means attackers may develop exploits soon, increasing urgency for mitigation. Organizations with remote or hybrid work environments might be at increased risk if local access can be obtained through remote desktop or other means.

Given the absence of an official patch at the time of this report, European organizations should implement several specific mitigations: 1) Restrict local access to systems running Windows 10 Version 1809 by enforcing strict access controls and limiting administrative privileges to trusted personnel only. 2) Disable or restrict the Windows SSDP Service where it is not required, as this reduces the attack surface by removing the vulnerable component. 3) Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor for unusual privilege escalation attempts or memory corruption behaviors indicative of exploitation. 4) Ensure all systems are regularly updated and plan for an upgrade from Windows 10 Version 1809 to a supported and patched Windows version, as this version is nearing or past end-of-support status. 5) Conduct internal audits to identify any legacy systems still running the affected version and prioritize their remediation. 6) Implement network segmentation to limit the ability of an attacker who gains local access to move laterally within the network. 7) Educate users and administrators about the risks of privilege escalation vulnerabilities and the importance of maintaining strict local access policies. These steps go beyond generic advice by focusing on the specific service and version affected, as well as operational controls tailored to the vulnerability's characteristics.