Remote Code Execution Vulnerability in Windows Connected Devices Platform Service
CVE-2025-49724
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 8 July 2025
What is CVE-2025-49724?
The Windows Connected Devices Platform Service contains a use-after-free vulnerability that can be exploited by an unauthorized attacker to execute arbitrary code over a network. This could potentially allow the attacker to gain control over affected systems, impacting device integrity and user data security. Proper mitigations should be applied to protect sensitive information and prevent unauthorized exploitations. For further details and mitigation strategies, visit the official Microsoft security advisory.
Affected Version(s)
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7558
Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6093
Windows 10 Version 22H2 32-bit Systems 10.0.19045.0 < 10.0.19045.6093
References
EPSS Score
6% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved