CVE-2025-48819
HIGHDescription
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
Is your site exposed to CVE-2025-48819?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| microsoft | windows_10_1507 |
| microsoft | windows_10_1507 |
| microsoft | windows_10_1607 |
| microsoft | windows_10_1607 |
| microsoft | windows_10_1809 |
| microsoft | windows_10_1809 |
| microsoft | windows_10_21h2 |
| microsoft | windows_10_22h2 |
| microsoft | windows_11_22h2 |
| microsoft | windows_11_23h2 |
| microsoft | windows_11_24h2 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2008 |
| microsoft | windows_server_2012 |
| microsoft | windows_server_2012 |
| microsoft | windows_server_2016 |
| microsoft | windows_server_2019 |
| microsoft | windows_server_2022 |
| microsoft | windows_server_2022_23h2 |
| microsoft | windows_server_2025 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-48819? +
How severe is CVE-2025-48819? +
What products are affected by CVE-2025-48819? +
How do I check if I'm vulnerable to CVE-2025-48819? +
Related Vulnerabilities
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability