Remote Code Execution Vulnerability in Windows Connected Devices Platform Service
CVE-2025-49724

8.8HIGH

What is CVE-2025-49724?

The Windows Connected Devices Platform Service contains a use-after-free vulnerability that can be exploited by an unauthorized attacker to execute arbitrary code over a network. This could potentially allow the attacker to gain control over affected systems, impacting device integrity and user data security. Proper mitigations should be applied to protect sensitive information and prevent unauthorized exploitations. For further details and mitigation strategies, visit the official Microsoft security advisory.

Affected Version(s)

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7558

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.6093

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.6093

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49724 : Remote Code Execution Vulnerability in Windows Connected Devices Platform Service