CVE-2025-24983 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-03-11

Added to CISA KEV: 2025-03-11 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Apply Microsoft security updates immediately for affected Windows versions
Monitor for unusual privilege escalation activities and unauthorized system access
Review user access controls and implement principle of least privilege
Consider upgrading from legacy Windows versions (2008, 2012) to supported versions
Implement endpoint detection and response (EDR) solutions to detect kernel exploitation attempts

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-24983 is a critical elevation of privilege vulnerability residing in the Windows Win32 Kernel Subsystem ^[4] ^[1].

Exploitation and Threat Actor Usage

Active Exploitation: The vulnerability has been confirmed as exploited in the wild ^[3].
Threat Actor Usage: It has been linked to the PipeMagic trojan, which has utilized this flaw to facilitate malicious activity ^[3].
Targeted Attacks: Due to its inclusion in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog, it is considered a significant threat requiring immediate remediation ^[2] ^[1].

Attack Method and Requirements

Vulnerability Type: It is classified as a "use-after-free" vulnerability, involving a race condition within the Windows kernel subsystem ^[1] ^[5].
Exploitation Requirements: The attack is performed locally ^[4]. It requires the attacker to be an authenticated user on the system to initiate the exploit ^[1].

Impact

Access Level: Successful exploitation allows an attacker to elevate their privileges to SYSTEM-level access ^[1]. This provides the highest level of control over the compromised machine.

Patch and Mitigation Status

Status: Microsoft addressed this vulnerability in its security updates released in March 2025 ^[3].
Mitigation: Users were strongly urged to apply the relevant security patches immediately upon release to mitigate the risk of exploitation ^[1]. Organizations should verify their systems are updated and consult the CISA KEV catalog for ongoing guidance ^[2].

Sources

CVE-2025-24983 - Exploits & Severity - Feedly
Impact. An authenticated attacker can potentially gain SYSTEM-level access by exploiting a race condition in the Windows kernel subsystem. ... CVE-2025-24983 is a critical elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem, which has been added to CISA's Known Exploited Vulne…
NVD - CVE-2025-24983
An official website of the United States government NVD MENU ... Microsoft Corporation. Patch Vendor Advisory. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24983.Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and require…
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy...
It's worth mentioning here that CVE-2025-29824 is the second Windows zero-day flaw to be delivered via PipeMagic after CVE-2025-24983, a Windows Win32 Kernel Subsystem privilege escalation bug, which was flagged by ESET and patched by Microsoft last month. Previously, PipeMagic was also observed in…
CVE-2025-24983 Detail - NVD
CVE-2025-24983 Detail Description Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2025-24983 - Use-After-Free in Windows Win32 Kernel Gives Local ...
CVE-2025-24983 is a critical vulnerability discovered in the Win32 kernel subsystem of Microsoft Windows. This flaw is classified as a "use-after-free", meaning memory that’s been freed is still used by the system — opening a dangerous window for attackers.

🟢 CVE-2025-24983