Impact
The vulnerability is an improper default permission configuration in the Microsoft .NET 10.0 runtime that allows an attacker who already has some level of authorized access on a local machine to gain elevated privileges. This weakness, identified as CWE-276, can enable unauthorized code execution or modification of system resources by granting higher privileges than intended. The CVSS score of 7.8 indicates that the potential impact is significant, as the attacker could gain control over system files, alter application behavior, or compromise other users on the machine, leading to integrity and confidentiality loss.
Affected Systems
The affected product is Microsoft's .NET 10.0 runtime. No specific version ranges were provided in the data, so all installations of .NET 10.0 are considered potentially at risk until further details are released. The vendor's CNA notes list Microsoft as the only vendor with this vulnerability.
Risk and Exploitability
The EPSS score of less than 1% suggests a low probability of exploitation in the wild at this time, and the vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Nevertheless, the CVSS severity of 7.8 raises concern about local privilege escalation. The likely attack vector is local, requiring some level of authorized access (e.g., a standard user or a compromised account). An attacker could exploit this weakness by leveraging the improperly set permissions to elevate an application or service to higher privileges, thereby compromising system integrity and confidentiality. Given the low EPSS and the lack of known exploitation, monitoring and timely patching are the recommended risk mitigation strategies.