What is the CVSS score of EUVD-2025-17793?

EUVD-2025-17793 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Windows are affected by EUVD-2025-17793?

CVE-2025-29828 is a memory management vulnerability in Windows Cryptographic Services with a CVSS score of 8.1 that could allow remote code execution on affected systems.. A patch is available.

How to fix or mitigate EUVD-2025-17793?

Within 24 hours: Identify all Windows systems running cryptographic services and confirm patch availability status through Microsoft advisory channels. Within 7 days: Apply vendor-released patch to all affected Windows systems following Microsoft's guidance, prioritizing internet-facing or sensitive infrastructure. Within 30 days: Complete patch deployment across the organization and validate through security scanning that all vulnerable instances have been remediated.

Windows EUVD-2025-17793

| CVE-2025-29828 HIGH

Memory Leak (CWE-401)

2025-06-10 secure@microsoft.com

Microsoft Windows RCE Memory Corruption Windows 11 24h2 Windows Server 2022 23h2 Windows Server 2022 Windows 11 23h2 Windows Server 2025 Windows 11 22h2

8.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.1 HIGH

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:42 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

10.0.26100.4349,10.0.20348.3807,10.0.22631.5472

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17793

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

CVE Published

Jun 10, 2025 - 17:21 nvd

HIGH 8.1

DescriptionCVE.org

Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.

AnalysisAI

Memory management vulnerability in Windows Cryptographic Services where memory is not properly released after its effective lifetime, enabling unauthenticated remote code execution. The vulnerability affects Windows cryptographic components and allows network-based attackers to execute arbitrary code with high complexity requirements. While the CVSS score of 8.1 indicates significant severity, exploitation requires specific conditions (high attack complexity), and current status regarding KEV listing, EPSS score, and public POC availability is unknown pending official Microsoft advisory release.

Technical ContextAI

This vulnerability involves CWE-401 (Missing Release of Memory After Effective Lifetime), a memory management defect in the Windows Cryptographic Services subsystem. The root cause is improper cleanup of cryptographic objects or buffers after their intended use, potentially within legacy cryptographic protocol handlers, certificate validation routines, or key management functions. The Windows Cryptographic Services (CNG - Cryptography Next Generation, or legacy CryptoAPI) process sensitive cryptographic data; failure to zero or deallocate memory containing key material, plaintexts, or intermediate values creates a use-after-free or memory disclosure condition. Affected CPE would typically match 'cpe:2.3:o:microsoft:windows:*' across multiple versions, requiring Microsoft's official advisory for precise version ranges. The network attack vector suggests exploitation through cryptographic protocol negotiation or remote cryptographic operations.

RemediationAI

Immediate actions: (1) Monitor Microsoft Security Response Center (MSRC) and Windows Update for emergency security patch release targeting CVE-2025-29828; (2) Enable Windows Update automatic patching immediately upon availability; (3) Prioritize patch deployment for Windows Server systems handling authentication or cryptographic operations. Interim mitigations pending patch: (a) Restrict network access to cryptographic services via firewall rules; (b) Disable legacy cryptographic protocols (SSLv3, early TLS versions) if not required; (c) Review and minimize exposure of certificate services and smart card authentication endpoints; (d) Monitor for unusual cryptographic operation failures or memory-related crashes in Event Viewer (System and Application logs). Once patch details are published by Microsoft, apply to all affected Windows versions across the environment. Workarounds are unlikely given the OS-level nature of the vulnerability; patching is the primary remediation path.

More from same product – last 7 days

CVE-2026-12440 CRITICAL Act Now

9.6 Jun 17

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to po

CVE-2026-12466 HIGH This Week

8.8 Jun 17

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute

CVE-2026-12437 HIGH This Week

8.3 Jun 17

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had comprom

CVE-2026-12449 HIGH This Week

7.8 Jun 17

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-

CVE-2026-12461 MEDIUM This Month

6.5 Jun 17

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain pot

EUVD-2025-17793 vulnerability details – vuln.today

Back

Windows EUVD-2025-17793

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code