Skip to main content

CVE-2025-49667: CWE-415: Double Free in Microsoft Windows 10 Version 1809

High
VulnerabilityCVE-2025-49667cvecve-2025-49667cwe-415
Published: Tue Jul 08 2025 (07/08/2025, 16:57:52 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

AI-Powered Analysis

AILast updated: 08/07/2025, 00:57:43 UTC

Technical Analysis

CVE-2025-49667 is a high-severity vulnerability identified in Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw is a double free vulnerability located in the Win32K component, specifically within the ICOMP subsystem. A double free occurs when a program calls free() on the same memory address twice, which can corrupt the memory management data structures, leading to undefined behavior such as crashes, memory corruption, or arbitrary code execution. In this case, the vulnerability allows an authorized local attacker to elevate privileges on the affected system. The attacker must have some level of local access (low privileges) but does not require user interaction to exploit the flaw. The vulnerability impacts confidentiality, integrity, and availability, as it can lead to full system compromise by escalating privileges to SYSTEM or equivalent. The CVSS v3.1 base score is 7.8, indicating a high severity with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, meaning local attack vector, low attack complexity, privileges required but low, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, and no patches have been linked yet, suggesting this is a newly disclosed vulnerability. The vulnerability is categorized under CWE-415 (Double Free), a common memory management error that can be exploited for privilege escalation in Windows kernel components. Given the affected product is Windows 10 Version 1809, which is an older release, many organizations may have already moved to newer versions, but legacy systems remain at risk.

Potential Impact

For European organizations, this vulnerability poses a significant risk primarily to legacy systems still running Windows 10 Version 1809. Privilege escalation vulnerabilities in the Windows kernel are critical because they can allow attackers who have gained limited local access—through phishing, malware, or insider threats—to escalate their privileges to SYSTEM level, thereby gaining full control over the system. This can lead to data breaches, disruption of critical services, and lateral movement within enterprise networks. Sectors such as government, finance, healthcare, and critical infrastructure in Europe, which often have strict regulatory requirements and may operate legacy systems, are particularly vulnerable. The high impact on confidentiality, integrity, and availability means that sensitive personal data protected under GDPR could be exposed or manipulated, leading to regulatory penalties and reputational damage. Additionally, the lack of a patch at the time of disclosure increases the window of exposure. Although no exploits are known in the wild yet, the existence of a public CVE and detailed technical information could motivate attackers to develop exploits, increasing the threat over time.

Mitigation Recommendations

European organizations should immediately identify and inventory all systems running Windows 10 Version 1809 to assess exposure. Since no official patch is linked yet, organizations should apply the following mitigations: 1) Restrict local access to affected systems by enforcing strict access controls and limiting administrative privileges to reduce the pool of potential attackers. 2) Employ application whitelisting and endpoint detection and response (EDR) solutions to detect anomalous behavior indicative of exploitation attempts. 3) Consider upgrading or migrating affected systems to a supported and patched Windows version, as Windows 10 Version 1809 is out of mainstream support and may not receive timely security updates. 4) Implement network segmentation to isolate legacy systems and limit lateral movement if compromise occurs. 5) Monitor security advisories from Microsoft closely for the release of official patches and apply them promptly. 6) Conduct user awareness training to reduce the risk of initial local access vectors such as phishing. These targeted steps go beyond generic advice by focusing on access control, detection, and system lifecycle management specific to this vulnerability and affected product version.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2025-06-09T17:28:52.663Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 686d50d56f40f0eb72f91bd6

Added to database: 7/8/2025, 5:09:41 PM

Last enriched: 8/7/2025, 12:57:43 AM

Last updated: 8/12/2025, 12:33:54 AM

Views: 15

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats