
Cloud Vulnerability DB
A community-led vulnerabilities database
A heap-based buffer overflow vulnerability (CVE-2025-24063) was identified in the Windows Kernel, disclosed on May 13, 2025. The vulnerability affects various Windows operating systems including Windows Server 2008, 2012, 2016, 2019, 2022, 2025, Windows 10, and Windows 11 versions (NVD, Wiz).
The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). The vulnerability requires local access and low privileges to exploit, with no user interaction needed (NVD).
If successfully exploited, this vulnerability enables attackers to elevate their privileges on the affected system, potentially gaining high levels of access to the system's confidentiality, integrity, and availability of resources (Wiz).
Microsoft has released security updates as part of the May 2025 Patch Tuesday to address this vulnerability. System administrators and users are advised to apply these updates immediately through Windows Update or enterprise management tools (Wiz).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."