Skip to main content

CVE-2025-47975: CWE-415: Double Free in Microsoft Windows 10 Version 1809

High
VulnerabilityCVE-2025-47975cvecve-2025-47975cwe-415
Published: Tue Jul 08 2025 (07/08/2025, 16:57:29 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

AI-Powered Analysis

AILast updated: 08/19/2025, 00:38:54 UTC

Technical Analysis

CVE-2025-47975 is a high-severity vulnerability identified as a double free condition (CWE-415) in the Windows SSDP (Simple Service Discovery Protocol) Service on Microsoft Windows 10 Version 1809 (build 10.0.17763.0). A double free vulnerability occurs when a program attempts to free a region of memory more than once, which can lead to memory corruption, crashes, or arbitrary code execution. In this case, the flaw exists in the SSDP service, a component responsible for network device discovery using UPnP protocols. The vulnerability allows an authorized local attacker—meaning the attacker must have some level of access to the system—to exploit this double free condition to elevate privileges on the affected machine. The CVSS v3.1 base score is 7.0, indicating a high severity, with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, meaning the attack requires local access, high attack complexity, low privileges, no user interaction, unchanged scope, and impacts confidentiality, integrity, and availability to a high degree. No known exploits are currently reported in the wild, and no patches or mitigation links have been published yet. The vulnerability was reserved in May 2025 and published in July 2025, indicating it is a recent discovery. The affected version is specifically Windows 10 Version 1809, which is an older Windows 10 release from late 2018, but still in use in some environments. The vulnerability's exploitation could allow attackers to gain elevated privileges, potentially leading to full system compromise, installation of persistent malware, or lateral movement within a network. Given the nature of the SSDP service, which is network-facing, the vulnerability could be leveraged in multi-user or shared environments where local access is possible.

Potential Impact

For European organizations, the impact of CVE-2025-47975 can be significant, especially in sectors where legacy Windows 10 Version 1809 systems remain operational, such as manufacturing, healthcare, or government agencies with slower upgrade cycles. Privilege escalation vulnerabilities enable attackers who have limited access to escalate their rights, potentially gaining administrative control over affected systems. This can lead to data breaches, disruption of critical services, and compromise of sensitive information protected under regulations like GDPR. The high impact on confidentiality, integrity, and availability means that attackers could exfiltrate data, alter system configurations, or cause denial of service. Additionally, since the vulnerability affects a core Windows service, exploitation could facilitate the deployment of ransomware or other malware, which has been a persistent threat in Europe. The lack of known exploits in the wild currently reduces immediate risk, but the presence of a public CVE and high severity score means attackers may develop exploits soon, increasing urgency for mitigation. Organizations with remote or hybrid work environments might be at increased risk if local access can be obtained through remote desktop or other means.

Mitigation Recommendations

Given the absence of an official patch at the time of this report, European organizations should implement several specific mitigations: 1) Restrict local access to systems running Windows 10 Version 1809 by enforcing strict access controls and limiting administrative privileges to trusted personnel only. 2) Disable or restrict the Windows SSDP Service where it is not required, as this reduces the attack surface by removing the vulnerable component. 3) Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor for unusual privilege escalation attempts or memory corruption behaviors indicative of exploitation. 4) Ensure all systems are regularly updated and plan for an upgrade from Windows 10 Version 1809 to a supported and patched Windows version, as this version is nearing or past end-of-support status. 5) Conduct internal audits to identify any legacy systems still running the affected version and prioritize their remediation. 6) Implement network segmentation to limit the ability of an attacker who gains local access to move laterally within the network. 7) Educate users and administrators about the risks of privilege escalation vulnerabilities and the importance of maintaining strict local access policies. These steps go beyond generic advice by focusing on the specific service and version affected, as well as operational controls tailored to the vulnerability's characteristics.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2025-05-14T14:13:13.466Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 686d50d36f40f0eb72f91afb

Added to database: 7/8/2025, 5:09:39 PM

Last enriched: 8/19/2025, 12:38:54 AM

Last updated: 8/19/2025, 12:38:54 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats