Multiple vulnerabilities in Microsoft Windows USB Video Class System Driver



Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2025-24055
CVE-2025-24987
CVE-2025-24988
CWE-ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU105532

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24055

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Windows USB Video Class System Driver. An authenticated attacker with physical access can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.3194

Windows Server: 2008 R2 SP1 - 2025 10.0.26100.3194

CPE2.3 External links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24055


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU105534

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24987

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. An authenticated attacker with physical access can trigger an out-of-bounds read error and read contents of memory on the system, leading to privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.3194

Windows Server: 2008 R2 SP1 - 2025 10.0.26100.3194

CPE2.3 External links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24987


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU105533

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24988

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. An authenticated attacker with physical access can trigger an out-of-bounds read error and read contents of memory on the system, leading to privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 21H2 10.0.19041.3920 - 11 24H2 10.0.26100.3194

Windows Server: 2008 R2 SP1 - 2025 10.0.26100.3194

CPE2.3 External links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24988


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###