Description
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Published: 2025-12-09
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

Use‑after‑free in the Microsoft Brokering File System module can be triggered by an authorized local user to corrupt memory and obtain elevated privileges on the affected systems. The flaw, classified as CWE‑416, permits an attacker who can already access the device to execute arbitrary code with higher authority, compromising confidentiality, integrity, and availability of the local machine.

Affected Systems

The vulnerability affects Microsoft Windows 11 24H2 and 25H2, Windows Server 2022 23H2 edition (Server Core), and Windows Server 2025, including its Server Core installation. The specific product names and version numbers are listed by the Microsoft Security Response Center and correspond to the CPE entries for arm64 and x86 variants.

Risk and Exploitability

With a CVSS score of 7 the flaw is considered a high severity issue, but the EPSS score of less than 1% indicates a very low probability of exploitation at this time. The vulnerability is not included in CISA’s KEV catalog. Exploitation requires local access and a privileged context; an attacker who can run code on the machine can trigger the use‑after‑free to elevate to system level. Because it is local, the attack surface is limited to users who already have local login rights.

Generated by OpenCVE AI on April 20, 2026 at 15:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Microsoft security update released for Windows 11 24H2, 25H2, Windows Server 2022 23H2, and Windows Server 2025, and reboot the system.
  • Disable or remove any legacy file system broker components that are not required to reduce the attack surface.
  • Enforce least‑privilege policies on local accounts and monitor for unauthorized privilege escalation attempts.

Generated by OpenCVE AI on April 20, 2026 at 15:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2022 23h2
CPEs cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Vendors & Products Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2022 23h2

Tue, 09 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Dec 2025 18:15:00 +0000

Type Values Removed Values Added
Description Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
Title Microsoft Brokering File System Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2025
Microsoft windows Server 23h2
Weaknesses CWE-416
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows Server 2025
Microsoft windows Server 23h2
References
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows Server 2022 23h2 Windows Server 2025 Windows Server 23h2
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-16T14:18:56.482Z

Reserved: 2025-10-15T17:11:21.222Z

Link: CVE-2025-62569

cve-icon Vulnrichment

Updated: 2025-12-09T20:12:59.462Z

cve-icon NVD

Status : Analyzed

Published: 2025-12-09T18:16:03.000

Modified: 2025-12-12T20:03:52.733

Link: CVE-2025-62569

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T15:45:10Z

Weaknesses