Windows 11 25h2
CVE-2026-23672
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
AnalysisAI
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability [CVSS 7.8 HIGH]
Technical ContextAI
Classified as CWE-125 (Out-of-bounds Read). Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
RemediationAI
Monitor vendor advisories for a patch.
More in Windows 11 25h2
View allWindows Shell contains a protection mechanism failure (CVE-2026-21510, CVSS 8.8) that allows unauthenticated remote atta
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptograph
Desktop Window Manager (DWM) in Windows contains a type confusion vulnerability (CVE-2026-21519, CVSS 7.8) that enables
Desktop Windows Manager on Windows 10, Windows 11, and Windows Server 2022 leaks sensitive information to local authenti
Windows Kernel contains a race condition vulnerability enabling local privilege escalation through concurrent resource a
Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow v
Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local a
Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to
BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting
Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive e
Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the netwo
Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today