Which versions of Windows are affected by CVE-2025-24805?

CVE-2025-24805 presents significant security risk, a improper privilege management vulnerability rated CVSS 8.5.. A patch is available.

Is there a public PoC exploit available for CVE-2025-24805?

Yes, a public proof-of-concept exploit is available for CVE-2025-24805. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-24805?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Windows CVE-2025-24805

Q: What is the CVSS score of CVE-2025-24805?

CVE-2025-24805 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

HIGH

Improper Privilege Management (CWE-269)

2025-02-05 security-advisories@github.com

Windows Privilege Escalation Google Apple Microsoft Android Mobile Security Framework

8.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:25 vuln.today

Patch released

Mar 28, 2026 - 18:25 nvd

Patch available

PoC Detected

May 23, 2025 - 17:01 vuln.today

Public exploit code

CVE Published

Feb 05, 2025 - 19:15 nvd

HIGH 8.5

DescriptionNVD

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

AnalysisAI

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Affected products include: Opensecurity Mobile Security Framework. Version information: version 4.3.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply principle of least privilege, validate privilege transitions, implement proper role separation.