CVE-2025-24988

Q: What is the severity of CVE-2025-24988?

CVE-2025-24988 has a CVSS score of 6.6 (MEDIUM). This vulnerability allows an authorized attacker with physical access to a Windows system to exploit an out-of-bounds read in the USB Video Driver, potentially leading to privilege escalation. It affects Windows systems with USB video devices. The attack requires physical access to the target machine.

6.6 MEDIUM

📋 TL;DR

This vulnerability allows an authorized attacker with physical access to a Windows system to exploit an out-of-bounds read in the USB Video Driver, potentially leading to privilege escalation. It affects Windows systems with USB video devices. The attack requires physical access to the target machine.

💻 Affected Systems

Products:

Windows USB Video Driver

Versions: Windows 10, Windows 11, and Windows Server versions prior to security updates in 2025

Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Requires USB video device connection; systems without USB video devices may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains SYSTEM-level privileges, enabling complete system compromise, data theft, and persistence establishment.

🟠

Likely Case

Local privilege escalation from standard user to administrator, allowing installation of malware or access to protected resources.

🟢

If Mitigated

Limited impact due to physical access controls and proper user privilege separation.

🌐 Internet-Facing: LOW - Requires physical access, not remotely exploitable.

🏢 Internal Only: MEDIUM - Physical access requirement makes it relevant for insider threats or compromised physical environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires physical access and authorized user credentials; driver manipulation needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24988

Restart Required: Yes

Instructions:

1. Open Windows Update settings. 2. Check for updates. 3. Install all available security updates. 4. Restart the system when prompted.

🔧 Temporary Workarounds

Disable USB Video Devices

windows

Prevent exploitation by disabling USB video devices via Device Manager.

devmgmt.msc

Restrict Physical Access

all

Implement physical security controls to prevent unauthorized access to systems.

🧯 If You Can't Patch

Implement strict physical access controls and surveillance for critical systems.
Use application whitelisting to prevent unauthorized driver modifications.

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches from 2025 addressing CVE-2025-24988.

Check Version:

wmic os get caption, version, buildnumber

Verify Fix Applied:

Verify the latest Windows security updates are installed and system has been restarted.

📡 Detection & Monitoring

Log Indicators:

Event ID 6005 (Driver load) with USB video driver anomalies
Unexpected privilege escalation events in security logs

Network Indicators:

Not applicable - local physical attack

SIEM Query:

EventID=6005 AND SourceName="usbvideo" AND (EventData contains "privilege" OR EventData contains "elevation")

📊 Metadata

CVE ID: CVE-2025-24988

CVSS v3 Score: 6.6 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

EPSS Score: 0.33% exploit probability (55.6th percentile)

Published: March 11, 2025

Last Updated: July 7, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24988 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable USB Video Devices

Restrict Physical Access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities