CVE-2025-62572
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-10
Assigner: Microsoft Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_11_24h2 | to 10.0.26100.7392 (inc) |
| microsoft | windows_11_25h2 | to 10.0.26200.7392 (inc) |
| microsoft | windows_server_2025 | to 10.0.26100.7392 (inc) |
| microsoft | application_information_services | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in Application Information Services that allows an authorized attacker to elevate their privileges locally on the affected system.
How can this vulnerability impact me?
An attacker who is already authorized on the system can exploit this vulnerability to gain higher privileges, potentially leading to full control over the affected system and compromising confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
Apply the security updates provided by Microsoft for CVE-2025-62572 to fix the out-of-bounds read vulnerability in Application Information Services and prevent local privilege escalation. [1]