CVE-2025-58719 is a use-after-free vulnerability classified under CWE-416, found in the Connected Devices Platform Service (Cdpsvc) component of Microsoft Windows 11 Version 25H2 (build 10.0.26200.0). Use-after-free vulnerabilities occur when a program continues to use a pointer after the memory it points to has been freed, leading to undefined behavior such as crashes or arbitrary code execution. In this case, the vulnerability allows an authorized local attacker with low privileges to elevate their privileges by exploiting improper memory management in Cdpsvc. The attack vector requires local access but no user interaction, and the attack complexity is high, indicating that exploitation is non-trivial. The vulnerability impacts system availability but does not compromise confidentiality or integrity directly. Although no known exploits are currently in the wild, the vulnerability poses a risk of privilege escalation, which could be leveraged for further attacks. The vulnerability was reserved on September 3, 2025, and published on October 14, 2025. No patches have been linked yet, but Microsoft is expected to release updates to address this issue. The CVSS v3.1 score is 4.7 (medium severity), reflecting the limited scope and complexity of exploitation. The vulnerability affects Windows 11 Version 25H2, a widely deployed operating system in enterprise environments.

For European organizations, this vulnerability presents a risk of local privilege escalation on systems running Windows 11 Version 25H2. Attackers who gain low-level access—such as through compromised user accounts or insider threats—could exploit this flaw to gain higher privileges, potentially allowing them to disable security controls, install persistent malware, or disrupt system availability. This could impact critical infrastructure, government agencies, and enterprises relying on Windows 11 for daily operations. Although the vulnerability does not directly affect confidentiality or integrity, the elevation of privileges can be a stepping stone for more severe attacks. The medium severity rating and high attack complexity reduce the likelihood of widespread exploitation, but targeted attacks against high-value assets remain a concern. The lack of known exploits in the wild currently limits immediate risk, but organizations should remain vigilant. The impact on availability could cause service disruptions, affecting business continuity and operational resilience.

Organizations should prioritize deploying official patches from Microsoft once available to remediate this vulnerability. Until patches are released, restrict local access to systems running Windows 11 Version 25H2 to trusted personnel only, minimizing the risk of local exploitation. Implement strict user account controls and monitor for unusual privilege escalation attempts or suspicious activity related to the Connected Devices Platform Service. Employ application whitelisting and endpoint detection and response (EDR) solutions to detect and block exploitation attempts. Regularly audit and harden local user permissions to reduce the attack surface. Additionally, consider isolating critical systems and enforcing network segmentation to limit lateral movement if an attacker gains local access. Maintain up-to-date backups and incident response plans to quickly recover from potential availability impacts. Finally, educate IT staff about this vulnerability and the importance of timely patch management.