Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
AnalysisAI
A privilege escalation vulnerability in Double free in Windows Win32K - ICOMP (CVSS 7.8) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.
Technical ContextAI
Vulnerability type: privilege escalation. CVSS 7.8 indicates high severity. Affects Double free in Windows Win32K - ICOMP.
RemediationAI
Monitor vendor channels for patch availability.
More in Windows Server 2025
View allWindows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker
Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users
Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the
Local privilege escalation in Microsoft Active Directory Federation Services (AD FS) lets an already-authenticated low-p
Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulne
Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation
Windows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph
Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables
Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a se
Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attack
Same weakness CWE-415 – Double Free
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20577