CVE-2026-25167 - Vulnerability Details

Description

Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

Published: 2026-03-10

Score: 7.4 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A use‑after‑free flaw in the Microsoft Brokering File System allows a malicious party to read or execute code in a memory area that has already been released, giving the attacker higher privileges on the machine. The weakness is listed as CWE‑416 and can lead to complete loss of control over the affected system by a local attacker.

Affected Systems

The vulnerability applies to Microsoft Windows 11 versions 24H2, 25H2 and 26H1 and to Windows Server 2025, including Server Core installations. Both ARM64 and x64 architectures are affected for these operating systems.

Risk and Exploitability

With a CVSS score of 7.4 the flaw is rated high risk and an EPSS score of less than 1 % suggests it is unlikely to be widely exploited today. The likely attack vector is that an adversary must have local access and run malicious code that triggers the use‑after‑free in the file system; the vulnerability is not known to be exploitable remotely and is not listed in the CISA KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Microsoft

Windows 11 Version 24H2

affected

Version	Status	Constraints
`10.0.26100.0`	affected	< 10.0.26100.8037

Microsoft

Windows 11 Version 25H2

affected

Version	Status	Constraints
`10.0.26200.0`	affected	< 10.0.26200.8037

Microsoft

Windows 11 version 26H1

affected

Version	Status	Constraints
`10.0.28000.0`	affected	< 10.0.28000.1719

Microsoft

Windows Server 2025

affected

Version	Status	Constraints
`10.0.26100.0`	affected	< 10.0.26100.32522

Microsoft

Windows Server 2025 (Server Core installation)

affected

Version	Status	Constraints
`10.0.26100.0`	affected	< 10.0.26100.32522

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_11_24h2:::::::arm64:*
	cpe:2.3:o:microsoft:windows_11_24h2:::::::x64:*
	cpe:2.3:o:microsoft:windows_11_25h2:::::::arm64:*
	cpe:2.3:o:microsoft:windows_11_25h2:::::::x64:*
	cpe:2.3:o:microsoft:windows_11_26h1:::::::arm64:*
	cpe:2.3:o:microsoft:windows_11_26h1:::::::x64:*
	cpe:2.3:o:microsoft:windows_server_2025:::::::x64:*

No data.

Vendor Product Confidence Versions

Microsoft

Windows 11 24h2

86%

Version	Status	Scheme	Platform
`[10.0.26100.0,10.0.26100.8037)`	affected	generic	['arm64-based_systems', 'x64-based_systems']

Microsoft

Windows 11 25h2

86%

Version	Status	Scheme	Platform
`[10.0.26200.0,10.0.26200.8037)`	affected	generic	—

Microsoft

Windows 11 26h1

86%

Version	Status	Scheme	Platform
`[10.0.28000.0,10.0.28000.1719)`	affected	generic	['arm64-based_systems']

Microsoft

Windows 11 26h1

86%

Version	Status	Scheme	Platform
`[10.0.28000.0,10.0.28000.1719)`	affected	generic	—

Microsoft

Windows Server 2025

100%

Version	Status	Scheme	Platform
`[10.0.26100.0,10.0.26100.32522)`	affected	generic	['x64-based_systems']

Microsoft

Windows Server 2025 (server Core Installation)

100%

Version	Status	Scheme	Platform
`[10.0.26100.0,10.0.26100.32522)`	affected	generic	['x64-based_systems']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install the latest Microsoft security update for CVE‑2026‑25167.
Verify that the running OS version matches the affected releases – Windows 11 24H2, 25H2 or 26H1, or Windows Server 2025 on ARM64 or x64.
Reboot the system after installing the update to load the patched kernel.

Generated by OpenCVE AI on March 28, 2026 at 06:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25167

History

Sat, 28 Mar 2026 03:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:microsoft:windows_11_26H1:::::::x64:*

Fri, 13 Mar 2026 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:microsoft:windows_11_24h2:::::::arm64:* cpe:2.3:o:microsoft:windows_11_24h2:::::::x64:* cpe:2.3:o:microsoft:windows_11_25h2:::::::arm64:* cpe:2.3:o:microsoft:windows_11_25h2:::::::x64:* cpe:2.3:o:microsoft:windows_11_26h1:::::::arm64:* cpe:2.3:o:microsoft:windows_11_26h1:::::::x64:* cpe:2.3:o:microsoft:windows_server_2025:::::::x64:*

Wed, 11 Mar 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 11 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1 Microsoft windows Server 2025 (server Core Installation)
Vendors & Products		Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1 Microsoft windows Server 2025 (server Core Installation)

Tue, 10 Mar 2026 17:30:00 +0000

Type	Values Removed	Values Added
Description		Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
Title		Microsoft Brokering File System Elevation of Privilege Vulnerability
First Time appeared		Microsoft Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1 Microsoft windows Server 2025
Weaknesses		CWE-416
CPEs		cpe:2.3:o:microsoft:windows_11_24H2:::::::arm64:* cpe:2.3:o:microsoft:windows_11_25H2:::::::arm64:* cpe:2.3:o:microsoft:windows_11_26H1:::::::arm64:* cpe:2.3:o:microsoft:windows_11_26H1:::::::x64:* cpe:2.3:o:microsoft:windows_server_2025::::::::
Vendors & Products		Microsoft Microsoft windows 11 24h2 Microsoft windows 11 25h2 Microsoft windows 11 26h1 Microsoft windows Server 2025
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-25167
Metrics		cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}`

Subscriptions

Microsoft Windows 11 24h2 Windows 11 24h2 Windows 11 25h2 Windows 11 25h2 Windows 11 26h1 Windows 11 26h1 Windows Server 2025 Windows Server 2025 (server Core Installation)

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2026-03-10T17:04:49.076Z

Updated: 2026-03-27T22:32:38.333Z

Reserved: 2026-01-29T18:36:49.695Z

Link: CVE-2026-25167

Vulnrichment

Updated: 2026-03-11T13:02:28.574Z

NVD

Status : Analyzed

Published: 2026-03-10T18:18:30.227

Modified: 2026-03-13T18:49:36.310

Link: CVE-2026-25167

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-29T20:26:21Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object