CVE-2025-55335

Q: What is the severity of CVE-2025-55335?

CVE-2025-55335 has a CVSS score of 7.4 (HIGH). CVE-2025-55335 is a use-after-free vulnerability in Windows NTFS that allows local attackers to execute arbitrary code with elevated privileges. This affects Windows systems with NTFS file systems. Attackers must already have local access to exploit this vulnerability.

7.4 HIGH

📋 TL;DR

CVE-2025-55335 is a use-after-free vulnerability in Windows NTFS that allows local attackers to execute arbitrary code with elevated privileges. This affects Windows systems with NTFS file systems. Attackers must already have local access to exploit this vulnerability.

💻 Affected Systems

Products:

Windows operating systems

Versions: Specific versions not yet detailed in public advisory; likely affects multiple Windows versions with NTFS support.

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Requires NTFS file system; FAT32 or other file systems not affected. Local access required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM/administrator privileges, enabling persistence, lateral movement, and data exfiltration.

🟠

Likely Case

Local privilege escalation from a standard user account to administrator/SYSTEM level, allowing installation of malware, disabling security controls, or accessing protected data.

🟢

If Mitigated

Limited impact if proper privilege separation, application control, and endpoint protection are in place, though local privilege escalation remains possible.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access; not directly exploitable over the internet.

🏢 Internal Only: HIGH - Malicious insiders or attackers who gain initial foothold can use this to elevate privileges and move laterally within the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and understanding of NTFS internals; use-after-free vulnerabilities typically require precise timing and memory manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55335

Restart Required: Yes

Instructions:

1. Open Windows Update Settings
2. Click 'Check for updates'
3. Install all available security updates
4. Restart system when prompted

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and remote local access to vulnerable systems through access controls and network segmentation.

Enable exploit protection

windows

Use Windows Defender Exploit Guard or similar solutions to mitigate memory corruption attacks.

Set-ProcessMitigation -System -Enable DEP,ASLR,CFG

🧯 If You Can't Patch

Implement strict privilege separation and least privilege principles
Deploy endpoint detection and response (EDR) solutions to detect privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches related to CVE-2025-55335

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify KB patch is installed via 'wmic qfe list' or 'Get-Hotfix' in PowerShell

📡 Detection & Monitoring

Log Indicators:

Unusual process creation with SYSTEM privileges
Failed privilege escalation attempts in security logs
Suspicious access to NTFS driver components

Network Indicators:

Lateral movement following local compromise
Unusual authentication patterns from previously compromised hosts

SIEM Query:

EventID=4688 AND NewProcessName="*" AND SubjectUserName!="SYSTEM" AND TokenElevationType="%%1938"

📊 Metadata

CVE ID: CVE-2025-55335

CVSS v3 Score: 7.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-362

EPSS Score: 0.08% exploit probability (22.5th percentile)

Published: October 14, 2025

Last Updated: October 27, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55335 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows 11 25h2 by Microsoft

Windows Server 2008 by Microsoft