CVE-2025-58728: 
vulnerability analysis and mitigation

A use-after-free vulnerability exists in Windows Bluetooth Service that allows an authorized attacker to elevate privileges locally. The vulnerability was disclosed on October 14, 2025, and affects multiple versions of Windows including Windows 11, Windows 10, and Windows Server (NVD, AttackerKB).

The vulnerability is tracked as CVE-2025-58728 and has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) and requires local access with low privileges to exploit (NVD).

If successfully exploited, this vulnerability allows an authorized attacker to elevate their privileges on the local system, potentially gaining high-level access to system resources. This could lead to complete system compromise with high impacts on confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the latest security patches through Windows Update or download them directly from the Microsoft Security Update Guide (Microsoft Security).