CVE-2025-24988: 
vulnerability analysis and mitigation

Out-of-bounds read vulnerability (CVE-2025-24988) was discovered in the Windows USB Video Driver, reported on March 11, 2025. This security flaw affects various versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD, CVE).

The vulnerability is classified as an out-of-bounds read (CWE-125) in the Windows USB Video Class System Driver. It has been assigned a CVSS v3.1 base score of 6.6 (Medium), with the following vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating physical access is required for exploitation (NVD).

If successfully exploited, this vulnerability allows an authorized attacker with physical access to elevate privileges on the affected system, potentially gaining high levels of access to confidentiality, integrity, and availability of the system (NVD).

Microsoft has released security updates to address this vulnerability across multiple Windows versions, including Windows 10 (KB5053618, KB5053594, KB5053596, KB5053606), Windows 11 (KB5053602, KB5053598), and Windows Server editions (KB5053886, KB5053887, KB5053594, KB5053596, KB5053603, KB5053598) (Rapid7).