How to fix CVE-2025-24994?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is Windows affected by CVE-2025-24994?

Organizations using Improper access control in Windows Cross Device Service face moderate risk from CVE-2025-24994, a improper access control vulnerability rated CVSS 7.3. Exploitation could compromise the security of affected deployments.

CVE-2025-24994

HIGH

2025-03-11 [email protected]

Windows

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:52 vuln.today

CVE Published

Mar 11, 2025 - 17:16 nvd

HIGH 7.3

DescriptionNVD

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

AnalysisAI

Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. [CVSS 7.3 HIGH]

Technical ContextAI

Classified as CWE-284 (Improper Access Control). Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally.

Affected ProductsAI

Component: Windows Cross Device.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-24994 vulnerability details – vuln.today

Back

CVE-2025-24994

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code