CVE-2025-47975: CWE-415: Double Free in Microsoft Windows 10 Version 1809
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
AI Analysis
Technical Summary
CVE-2025-47975 is a high-severity vulnerability identified in Microsoft Windows 10 Version 1809 (build 10.0.17763.0), specifically within the Windows Simple Service Discovery Protocol (SSDP) Service. The vulnerability is classified as a double free (CWE-415), where the system erroneously attempts to free the same memory location twice. This flaw can lead to memory corruption, which attackers can exploit to execute arbitrary code or escalate privileges. In this case, the vulnerability allows an authorized local attacker with low privileges to elevate their privileges on the affected system. The attack vector requires local access (AV:L), and the attack complexity is high (AC:H), meaning exploitation demands specific conditions or expertise. No user interaction is needed (UI:N), and the scope is unchanged (S:U), indicating the vulnerability affects only the vulnerable component without impacting other system components. The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), suggesting that successful exploitation could allow full control over the system, including access to sensitive data, modification of system files, and disruption of services. Although no known exploits are currently reported in the wild, the vulnerability's nature and impact make it a significant risk, especially on systems still running this older Windows 10 version. The lack of publicly available patches at the time of publication increases the urgency for mitigation and monitoring.
Potential Impact
For European organizations, this vulnerability poses a substantial risk, particularly in environments where Windows 10 Version 1809 remains in use, such as legacy systems or specialized industrial setups. Successful exploitation could enable attackers to gain elevated privileges, potentially leading to unauthorized access to sensitive corporate data, disruption of critical business processes, and lateral movement within networks. This risk is heightened in sectors with stringent data protection requirements, such as finance, healthcare, and government, where breaches could result in regulatory penalties under GDPR and damage to reputation. Additionally, the vulnerability could be leveraged by insider threats or malware that gains initial local access, amplifying the potential damage. The absence of known exploits in the wild currently offers a window for proactive defense, but organizations should not be complacent given the high impact and ease of privilege escalation once local access is obtained.
Mitigation Recommendations
European organizations should prioritize upgrading or patching systems running Windows 10 Version 1809 to the latest supported Windows version or security update as soon as Microsoft releases a patch for CVE-2025-47975. In the interim, organizations should implement strict access controls to limit local user privileges and restrict access to systems running this vulnerable version. Employing application whitelisting and endpoint detection and response (EDR) solutions can help detect anomalous behavior indicative of exploitation attempts. Network segmentation should be used to isolate critical systems and reduce the risk of lateral movement. Regularly auditing and monitoring logs for unusual activity related to the SSDP service or memory corruption events can provide early warning signs. Additionally, disabling or restricting the SSDP service where it is not required can reduce the attack surface. Organizations should also ensure that all users follow the principle of least privilege to minimize the impact of any local compromise.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
CVE-2025-47975: CWE-415: Double Free in Microsoft Windows 10 Version 1809
Description
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
AI-Powered Analysis
Technical Analysis
CVE-2025-47975 is a high-severity vulnerability identified in Microsoft Windows 10 Version 1809 (build 10.0.17763.0), specifically within the Windows Simple Service Discovery Protocol (SSDP) Service. The vulnerability is classified as a double free (CWE-415), where the system erroneously attempts to free the same memory location twice. This flaw can lead to memory corruption, which attackers can exploit to execute arbitrary code or escalate privileges. In this case, the vulnerability allows an authorized local attacker with low privileges to elevate their privileges on the affected system. The attack vector requires local access (AV:L), and the attack complexity is high (AC:H), meaning exploitation demands specific conditions or expertise. No user interaction is needed (UI:N), and the scope is unchanged (S:U), indicating the vulnerability affects only the vulnerable component without impacting other system components. The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), suggesting that successful exploitation could allow full control over the system, including access to sensitive data, modification of system files, and disruption of services. Although no known exploits are currently reported in the wild, the vulnerability's nature and impact make it a significant risk, especially on systems still running this older Windows 10 version. The lack of publicly available patches at the time of publication increases the urgency for mitigation and monitoring.
Potential Impact
For European organizations, this vulnerability poses a substantial risk, particularly in environments where Windows 10 Version 1809 remains in use, such as legacy systems or specialized industrial setups. Successful exploitation could enable attackers to gain elevated privileges, potentially leading to unauthorized access to sensitive corporate data, disruption of critical business processes, and lateral movement within networks. This risk is heightened in sectors with stringent data protection requirements, such as finance, healthcare, and government, where breaches could result in regulatory penalties under GDPR and damage to reputation. Additionally, the vulnerability could be leveraged by insider threats or malware that gains initial local access, amplifying the potential damage. The absence of known exploits in the wild currently offers a window for proactive defense, but organizations should not be complacent given the high impact and ease of privilege escalation once local access is obtained.
Mitigation Recommendations
European organizations should prioritize upgrading or patching systems running Windows 10 Version 1809 to the latest supported Windows version or security update as soon as Microsoft releases a patch for CVE-2025-47975. In the interim, organizations should implement strict access controls to limit local user privileges and restrict access to systems running this vulnerable version. Employing application whitelisting and endpoint detection and response (EDR) solutions can help detect anomalous behavior indicative of exploitation attempts. Network segmentation should be used to isolate critical systems and reduce the risk of lateral movement. Regularly auditing and monitoring logs for unusual activity related to the SSDP service or memory corruption events can provide early warning signs. Additionally, disabling or restricting the SSDP service where it is not required can reduce the attack surface. Organizations should also ensure that all users follow the principle of least privilege to minimize the impact of any local compromise.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- microsoft
- Date Reserved
- 2025-05-14T14:13:13.466Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 686d50d36f40f0eb72f91afb
Added to database: 7/8/2025, 5:09:39 PM
Last enriched: 8/7/2025, 12:45:24 AM
Last updated: 8/14/2025, 8:43:25 AM
Views: 15
Related Threats
CVE-2025-9016: Uncontrolled Search Path in Mechrevo Control Center GX V2
HighCVE-2025-8451: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpdevteam Essential Addons for Elementor – Popular Elementor Templates & Widgets
MediumCVE-2025-8013: CWE-918 Server-Side Request Forgery (SSRF) in quttera Quttera Web Malware Scanner
LowCVE-2025-6679: CWE-434 Unrestricted Upload of File with Dangerous Type in bitpressadmin Bit Form – Custom Contact Form, Multi Step, Conversational, Payment & Quiz Form builder
CriticalCVE-2025-9013: SQL Injection in PHPGurukul Online Shopping Portal Project
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.