CVE-2025-62461
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-10
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows | * |
| microsoft | windows_10_1809 | to 10.0.17763.8146 (inc) |
| microsoft | windows_10_21h2 | to 10.0.19044.6691 (inc) |
| microsoft | windows_10_22h2 | to 10.0.19045.6691 (inc) |
| microsoft | windows_11_23h2 | to 10.0.22631.6345 (inc) |
| microsoft | windows_server_2019 | to 10.0.17763.8146 (inc) |
| microsoft | windows_server_2022_23h2 | to 10.0.25398.2025 (inc) |
| microsoft | windows_11_24h2 | to 10.0.26100.7392 (inc) |
| microsoft | windows_11_25h2 | to 10.0.26200.7392 (inc) |
| microsoft | windows_server_2025 | to 10.0.26100.7392 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer over-read in the Windows Projected File System Filter Driver. It allows an authorized attacker to read beyond the intended buffer boundaries, which can lead to elevation of privileges locally on the affected system.
How can this vulnerability impact me? :
An attacker who is already authorized on the system could exploit this vulnerability to elevate their privileges, potentially gaining higher-level access and control over the system, which could lead to unauthorized actions and compromise of system integrity.
What immediate steps should I take to mitigate this vulnerability?
Apply the security updates provided by Microsoft for this vulnerability as soon as possible to mitigate the risk of privilege escalation. Ensure that your Windows systems are updated to the latest patches available from Microsoft. [1]