CVE-2025-49675: CWE-416: Use After Free in Microsoft Windows 10 Version 1809

Severity: High
Published: Tue Jul 08 2025 (07/08/2025, 16:57:54 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

AI-Powered Analysis

Last updated: 08/07/2025, 00:59:19 UTC

Technical Analysis

CVE-2025-49675 is a high-severity use-after-free vulnerability identified in the Kernel Streaming WOW Thunk Service Driver component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). This vulnerability arises from improper handling of memory in the kernel streaming subsystem, specifically related to the WOW (Windows on Windows) thunking service driver, which is responsible for compatibility and communication between 32-bit and 64-bit components. The use-after-free condition occurs when the driver attempts to access memory that has already been freed, leading to undefined behavior that can be exploited by an authorized local attacker to escalate privileges. The attacker must have local access with some level of privileges (low privileges) but does not require user interaction to exploit this vulnerability. The CVSS v3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and low privileges required. Although no known exploits are currently reported in the wild, the vulnerability's nature and impact make it a significant risk. Exploitation could allow an attacker to execute arbitrary code in kernel mode, potentially gaining SYSTEM-level privileges, bypassing security controls, and compromising the entire system. Given that Windows 10 Version 1809 is an older release, organizations still running this version are at risk if unpatched. The lack of published patches at the time of disclosure increases the urgency for mitigation and risk management.

Potential Impact

For European organizations, this vulnerability poses a serious threat, particularly to those with legacy systems running Windows 10 Version 1809. Successful exploitation could lead to full system compromise, enabling attackers to access sensitive data, disrupt operations, or deploy further malware such as ransomware. Critical infrastructure, government agencies, financial institutions, and enterprises relying on this Windows version are especially vulnerable. The ability to escalate privileges locally means that insider threats or attackers who gain initial foothold through other means could leverage this flaw to gain complete control. This could result in data breaches, operational downtime, regulatory non-compliance (e.g., GDPR violations), and reputational damage. The absence of known exploits in the wild currently provides a window for proactive defense, but the high severity score indicates that threat actors may develop exploits rapidly. The impact is magnified in environments where patching is delayed or where legacy applications prevent upgrading the OS.

Mitigation Recommendations

Given the absence of an official patch at the time of disclosure, European organizations should implement the following specific mitigations:

1) Immediately identify and inventory all systems running Windows 10 Version 1809 to assess exposure.
2) Restrict local user privileges to the minimum necessary, especially for users who do not require kernel-level operations.
3) Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious activities indicative of privilege escalation attempts.
4) Use virtualization-based security features and kernel-mode code integrity (KMCI) where available to harden the kernel against unauthorized code execution.
5) Isolate legacy systems from critical network segments to reduce lateral movement risk.
6) Prepare for rapid deployment of patches once released by Microsoft, including testing and validation in controlled environments.
7) Educate IT staff and users about the risks of local privilege escalation vulnerabilities and enforce strict access controls.
8) Consider upgrading affected systems to a supported and patched Windows version to eliminate exposure to this and similar vulnerabilities.
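An added example for mitigations 1 and 4 (not part of the original analysis and not Microsoft tooling): a PowerShell check that reports, per host, whether it runs build 17763 and whether virtualization-based security and hypervisor-enforced code integrity are actually running. The `-ComputerName` parameter and working CIM remoting to the listed hosts are assumptions.

```powershell
# Added example: exposure check for build 17763 plus VBS/HVCI state.
param(
    # Assumption: hosts other than the local one accept CIM (WinRM) connections.
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

$AffectedBuild = '17763'   # Windows 10 Version 1809 is build 10.0.17763 (from the advisory)

$report = foreach ($name in $ComputerName) {
    # Query the local host directly so the check works without WinRM enabled.
    $target = @{}
    if ($name -ne $env:COMPUTERNAME) { $target.ComputerName = $name }

    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem @target -ErrorAction Stop
    } catch {
        [pscustomobject]@{
            Host = $name; Edition = $null; Version = $null; Build17763 = $null
            VbsRunning = $null; HvciRunning = $null
            Note = "query failed: $($_.Exception.Message)"
        }
        continue
    }

    # Win32_DeviceGuard may be missing on some editions; treat that as not running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard @target -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Host        = $name
        Edition     = $os.Caption    # build 17763 is shared by other editions; check this column
        Version     = $os.Version
        Build17763  = ($os.BuildNumber -eq $AffectedBuild)
        VbsRunning  = ($null -ne $dg -and $dg.VirtualizationBasedSecurityStatus -eq 2)  # 2 = running
        HvciRunning = ($null -ne $dg -and $dg.SecurityServicesRunning -contains 2)      # 2 = HVCI
        Note        = ''
    }
}

# Hosts on the affected build sort first; unreachable hosts appear with a Note.
$report | Sort-Object -Property Build17763 -Descending | Format-Table -AutoSize
```

Hosts that show `Build17763 = True` with `HvciRunning = False` are the ones where step 4 has not yet been applied.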

Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2025-06-09T17:28:52.664Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 686d50d56f40f0eb72f91bee

Added to database: 7/8/2025, 5:09:41 PM

Last enriched: 8/7/2025, 12:59:19 AM

Last updated: 8/12/2025, 12:33:54 AM
