Heap-Based Buffer Overflow in Windows Bluetooth Service by Microsoft
CVE-2025-27490
7.8 HIGH
Key Information:
- Vendor: Microsoft
- CVE Published: 8 April 2025
Summary
A heap-based buffer overflow vulnerability exists in the Windows Bluetooth Service, allowing an authorized attacker to execute code with elevated privileges. Exploiting this flaw can enable attackers to gain access to sensitive areas of the affected system, potentially allowing for further malicious activities. Ensuring that systems are updated and applying the latest security patches can help mitigate the risks associated with this vulnerability.
Affected Version(s)
Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.5737
Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.5737
Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.5191
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved