The vulnerability is a use‑after‑free defect in the Windows 11 Win32K kernel subsystem that is triggered when the ICOMP interface is accessed. A locally authenticated user can exploit the defect to execute arbitrary code in kernel mode, thereby gaining full control of the system. The flaw arises from incorrect handling of freed memory, allowing the attacker to override control data and run malicious code. This results in a loss of confidentiality, integrity, and availability for the affected machine.

Affected Microsoft products include Windows 11 Version 24H2, Windows 11 Version 25H2, Windows Server 2025, and Windows Server 2025 (Server Core). The CPE entries specify arm64 versions, indicating that arm64 builds are affected; it is inferred that x86‑64 builds are also impacted, though this is not explicitly detailed in the supplier statement.

The CVSS score of 7.8 classifies the issue as high severity. However, the EPSS score of less than one percent indicates a very low likelihood that the flaw will be exploited in the wild, and no entry is found in the CISA KEV catalog. The exploitation requires the attacker to have a legitimate local account and the ability to invoke the ICOMP interface. Once the use‑after‑free is triggered, kernel‑level execution is achieved, giving the attacker a full‑privilege compromise. Consequently, the risk for environments that expose the vulnerable interface remains high, but the probability of active exploitation is presently low.