What is the CVSS score of CVE-2025-47993?

CVE-2025-47993 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Windows Server 2022 23h2 are affected by CVE-2025-47993?

Microsoft PC Manager contains an improper access control vulnerability that enables authenticated users to escalate local privileges to a higher level of system access.. A patch is available.

How to fix or mitigate CVE-2025-47993?

Within 24 hours: Identify all systems running Microsoft PC Manager and document current versions via inventory tools. Within 7 days: Apply vendor-released patch to all affected instances and validate deployment completion. Within 30 days: Conduct audit of local administrator accounts and privilege escalation logs on previously patched systems to detect potential historical exploitation.

Windows Server 2022 23h2 CVE-2025-47993

EUVD-2025-20631 HIGH

Improper Access Control (CWE-284)

2025-07-08 secure@microsoft.com

Microsoft Authentication Bypass Windows Server 2022 23h2 Windows 11 24h2 Windows Server 2025

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:32 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

10.0.26100.4652,10.0.25398.1732

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20631

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

CVE Published

Jul 08, 2025 - 17:15 nvd

HIGH 7.8

DescriptionCVE.org

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Analysis

Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

Technical ContextAI

This vulnerability is classified as Improper Access Control (CWE-284).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2025-47993 vulnerability details – vuln.today

Back

Windows Server 2022 23h2 CVE-2025-47993

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code