vulnerability
Microsoft Windows: CVE-2025-48821: Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:A/AC:M/Au:S/C:C/I:C/A:C) | Jul 8, 2025 | Jul 8, 2025 | Sep 9, 2025 |
Severity
7
CVSS
(AV:A/AC:M/Au:S/C:C/I:C/A:C)
Published
Jul 8, 2025
Added
Jul 8, 2025
Modified
Sep 9, 2025
Description
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
Solutions
microsoft-windows-windows_10-1507-kb5062561microsoft-windows-windows_10-1607-kb5062560microsoft-windows-windows_10-1809-kb5062557microsoft-windows-windows_10-21h2-kb5062554microsoft-windows-windows_10-22h2-kb5062554microsoft-windows-windows_11-22h2-kb5062552microsoft-windows-windows_11-23h2-kb5062552microsoft-windows-windows_11-24h2-kb5062553microsoft-windows-windows_server_2012-kb5062592microsoft-windows-windows_server_2012_r2-kb5062597microsoft-windows-windows_server_2016-1607-kb5062560microsoft-windows-windows_server_2019-1809-kb5062557microsoft-windows-windows_server_2022-21h2-kb5062572microsoft-windows-windows_server_2022-22h2-kb5062572microsoft-windows-windows_server_2022-23h2-kb5062570microsoft-windows-windows_server_2025-24h2-kb5062553
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.