CVE-2025-24076
Published Mar 11, 2025
Last updated 3 months ago
AI description
CVE-2025-24076 is a vulnerability in the Windows Cross Device Service related to improper access control. It allows an authorized attacker with local access to elevate their privileges on the system. The vulnerability can be exploited using a technique called DLL hijacking. A low-privileged user can modify a DLL file that is loaded by a COM server running with elevated privileges, potentially leading to the execution of arbitrary code with system-level permissions.
- Description
- Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.
- Source
- secure@microsoft.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 7.3
- Impact score
- 5.9
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- secure@microsoft.com
- CWE-284
- Hype score
- Not currently trending
🔓 Gaining SYSTEM on Windows 11 with a 300ms window? A real-world DLL hijack + clever API interception exposed CVE-2025-24076 & CVE-2025-24994. Learn how it worked & how to defend. 👇 #Windows11 #CVE #DLLHijacking #Infosec #CyberSecurity https://t.co/41KtQGJurm
@threatsbank
21 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️ In just 300 milliseconds, a Windows 11 user could become a system admin! Talk about a fast track to power! Thankfully, Microsoft patched this CVE-2025-24076, but it’s a wild reminder that security threats are always lurking. #WindowsForum #Windows11 #… https://t.co/MFm
@windowsforum
20 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994) : https://t.co/tKnRsUwr4I https://t.co/JVFPyGsLvp
@binitamshah
20 May 2025
3422 Impressions
13 Retweets
48 Likes
33 Bookmarks
0 Replies
0 Quotes
Warning: #PoC available for #CVE-2025-24076 and #CVE- 2025-24994, improper access control in Windows, allowing local privilege escalation . Thanks to the @compasssecurity team and read the update on https://t.co/mx5vLwVvtu Please #patch #patch #patch
@CCBalert
18 Apr 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Windows 11 flaws (CVE-2025-24076 & 24994) allow privilege escalation—attackers gain SYSTEM-level access. Patch immediately: https://t.co/DbKY566rSu #CyberSecurity #Windows11
@adriananglin
16 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windows 11 Privilege Escalation Flaws Uncovered: CVE-2025-24076 and CVE-2025-24994 https://t.co/m3mH19iwWW
@samilaiho
16 Apr 2025
1035 Impressions
4 Retweets
14 Likes
5 Bookmarks
0 Replies
0 Quotes
Windowsの権限昇格脆弱性CVE-2025-24076及びCVE-2025-24994について。Compass Security社報告。前者はDLLハイジャック。300ミリ秒しか成立タイミングが無かったため、Opportunistic Lockで実行を止め、DetoursライブラリでGetFileVersionInfoExWをインターセプトし書き換え。 https://t.co/g6kkX8FnAR
@__kokumoto
16 Apr 2025
721 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
Windows 11 Privilege Escalation Flaws Uncovered: CVE-2025-24076 and CVE-2025-24994 https://t.co/dUlwa4walR
@Dinosn
16 Apr 2025
1635 Impressions
6 Retweets
18 Likes
9 Bookmarks
0 Replies
0 Quotes
3 milliseconds to admin — Our analyst John Ostrowski turned a DLL hijacking into a reliable local privilege escalation on Windows 11. He chained opportunistic locks, and API hooking to win the race to CVE-2025-24076 & CVE-2025-24994. Read his blog post: https://t.co/UfN6cBazI
@compasssecurity
15 Apr 2025
6490 Impressions
38 Retweets
121 Likes
76 Bookmarks
2 Replies
0 Quotes
🚨 CVE-2025-24076 🔴 HIGH (7.3) 🏢 Microsoft - Windows 11 version 22H2 🏗️ 10.0.22621.0 🔗 https://t.co/3cKWpEX2uA #CyberCron #VulnAlert #InfoSec https://t.co/2OulBLFtaV
@cybercronai
13 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes