CVE-2025-64673 is a vulnerability classified under CWE-284 (Improper Access Control) affecting the Storvsp.sys driver in Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw allows an attacker who already has some level of authorized local access to escalate their privileges to higher levels, potentially SYSTEM or administrative rights. The vulnerability arises from insufficient access control checks within the Storvsp.sys driver, which is part of the storage virtualization stack in Windows. Because the attacker must be authorized locally, remote exploitation is not feasible without prior access. The vulnerability does not require user interaction, increasing its risk in environments where local access is possible. The CVSS v3.1 base score is 7.8, indicating high severity, with metrics AV:L (local attack vector), AC:L (low attack complexity), PR:L (low privileges required), UI:N (no user interaction), and impacts rated high on confidentiality, integrity, and availability. No public exploits or patches have been reported at the time of publication, but the vulnerability is officially recognized and published by Microsoft. This flaw could be leveraged by attackers to bypass security controls, install persistent malware, or disrupt system operations by gaining elevated privileges.

The vulnerability poses a significant risk to organizations running Windows 10 Version 1809, especially those that have not upgraded or patched legacy systems. Successful exploitation allows attackers with limited local privileges to gain elevated rights, potentially full administrative control. This can lead to unauthorized access to sensitive data, installation of persistent malware, disruption of critical services, and compromise of system integrity and availability. Environments such as enterprise networks, government agencies, healthcare, and financial institutions that rely on legacy Windows 10 systems are particularly vulnerable. The impact extends to insider threats or attackers who gain initial foothold through other means (e.g., phishing, physical access). The lack of required user interaction and low complexity of exploitation increase the likelihood of successful attacks once local access is obtained. Although no exploits are currently known in the wild, the vulnerability’s characteristics make it a prime candidate for future exploitation, especially in targeted attacks.

1. Apply security updates and patches from Microsoft as soon as they become available for Windows 10 Version 1809 to remediate the vulnerability in Storvsp.sys. 2. Restrict local access to systems running this Windows version by enforcing strict access controls, limiting user accounts with local login rights, and using endpoint protection solutions. 3. Implement application whitelisting and privilege management to reduce the risk of unauthorized privilege escalation. 4. Monitor system logs and security events for unusual privilege escalation attempts or suspicious activity related to the Storvsp.sys driver. 5. Consider upgrading affected systems to a supported and more recent Windows version with ongoing security support. 6. Employ network segmentation and least privilege principles to limit the impact of potential local compromises. 7. Educate users and administrators about the risks of local privilege escalation and ensure physical security controls are in place to prevent unauthorized local access.