Heap-Based Buffer Overflow in Kernel Streaming Service by Microsoft
CVE-2025-53149
Key Information:
- Vendor: Microsoft
- Status
- CVE Published: 12 August 2025
What is CVE-2025-53149?
CVE-2025-53149 is a vulnerability situated within the Kernel Streaming WOW Thunk Service Driver developed by Microsoft. This specific flaw manifests as a heap-based buffer overflow, which can be exploited by an authorized attacker to escalate their privileges on the local machine. The potential for privilege escalation presents a critical concern for organizations, as it enables attackers, who already possess some level of access, to gain greater control over system functionalities. This can lead to unauthorized modification, data exfiltration, or even full administrative rights, compromising the integrity and security of the system.
Potential impact of CVE-2025-53149
- Privilege Escalation: The primary impact of CVE-2025-53149 is the ability for an attacker to elevate their privileges, allowing them to execute arbitrary commands and manipulate system settings beyond their original authorization level. This can lead to severe security breaches, making the system vulnerable to further exploits.
- Data Compromise: With elevated privileges, attackers can access sensitive information, modify crucial system data, and potentially exfiltrate confidential data. This poses significant risks to organizational privacy and compliance with regulatory standards.
- Increased Attack Surface: The existence of this vulnerability can pave the way for more sophisticated attacks, as it may serve as a stepping stone for lateral movement within a network. An attacker could leverage the elevated privileges to target additional systems or sensitive areas within an organization, increasing the overall risk of a cyber incident.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21100
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8330
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7678