High severity7.1NVD Advisory· Published Jul 8, 2025· Updated Jun 17, 2026
CVE-2025-48819
CVE-2025-48819
Description
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
Affected products
26- Range: 10.0.10240.0
10.0.14393.0+ 2 more
- (no CPE)range: 10.0.14393.0
- (no CPE)range: 10.0.19044.0
- (no CPE)range: 10.0.19045.0
- Range: 10.0.17763.0
10.0.22621.0+ 1 more
- (no CPE)range: 10.0.22621.0
- (no CPE)range: 10.0.22631.0
- Microsoft/Windows 11 version 22H3v5Range: 10.0.22631.0
- Range: 10.0.26100.0
6.1.7601.0+ 1 more
- (no CPE)range: 6.1.7601.0
- (no CPE)range: 6.0.6003.0
- Microsoft/Windows Server 2008 R2 Service Pack 1 (Server Core installation)v5Range: 6.1.7601.0
- Microsoft/Windows Server 2008 Service Pack 2 (Server Core installation)v5Range: 6.0.6003.0
6.2.9200.0+ 1 more
- (no CPE)range: 6.2.9200.0
- (no CPE)range: 6.3.9600.0
- Microsoft/Windows Server 2012 R2 (Server Core installation)v5Range: 6.3.9600.0
- Microsoft/Windows Server 2012 (Server Core installation)v5Range: 6.2.9200.0
- Range: 10.0.14393.0
- Microsoft/Windows Server 2016 (Server Core installation)v5Range: 10.0.14393.0
- Range: 10.0.17763.0
- Microsoft/Windows Server 2019 (Server Core installation)v5Range: 10.0.17763.0
- Range: 10.0.20348.0
- Microsoft/Windows Server 2022, 23H2 Edition (Server Core installation)v5Range: 10.0.25398.0
- Range: 10.0.26100.0
- Microsoft/Windows Server 2025 (Server Core installation)v5Range: 10.0.26100.0
Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48819nvdVendor Advisory
News mentions
0No linked articles in our index yet.