CVE-2025-49667 is a vulnerability identified in Microsoft Windows 10 Version 1507 (build 10240), specifically within the Win32K subsystem's ICOMP component. The issue is a double free vulnerability (CWE-415), where the system erroneously frees the same memory twice, leading to memory corruption. This flaw can be exploited by an attacker with authorized local access to elevate their privileges on the affected system. The vulnerability does not require user interaction and has a low attack complexity, making exploitation feasible for local attackers with limited privileges. The CVSS v3.1 base score is 7.8, reflecting high severity with impacts on confidentiality, integrity, and availability (all rated high). The vulnerability allows attackers to execute arbitrary code with elevated privileges, potentially leading to full system compromise. No public exploits or patches are currently available, and the affected Windows 10 version is an early release that Microsoft no longer supports. The flaw resides in a core kernel component responsible for window management, increasing the risk of system instability or compromise if exploited.

The primary impact of CVE-2025-49667 is local privilege escalation, enabling attackers with limited access to gain SYSTEM-level privileges. This can lead to unauthorized access to sensitive data, installation of persistent malware, disabling of security controls, and full control over the affected system. Organizations running Windows 10 Version 1507, particularly in environments where local access is possible (e.g., shared workstations, development machines, or terminals), face significant risk. The vulnerability threatens confidentiality by exposing sensitive information, integrity by allowing unauthorized code execution or system modifications, and availability by potentially causing system crashes or denial of service. Although exploitation requires local access, the ease of exploitation and high impact make this a critical concern for legacy systems. The lack of patches and known exploits suggests a window of exposure until remediation is available or systems are upgraded.

Given the absence of patches, the most effective mitigation is to upgrade affected systems to a supported and fully patched version of Windows 10 or later. Organizations should inventory their environments to identify any systems still running Windows 10 Version 1507 and prioritize their upgrade or decommissioning. Restrict local access to trusted users only and enforce strict access controls to minimize the risk of exploitation. Employ endpoint detection and response (EDR) solutions to monitor for suspicious activity indicative of privilege escalation attempts. Disable or limit use of legacy components or features related to Win32K if possible, through group policies or system configuration. Regularly audit user privileges and remove unnecessary local accounts to reduce the attack surface. Finally, maintain robust backup and recovery procedures to mitigate the impact of potential exploitation.