Impact
A heap‑based buffer overflow in the Windows Application Identity (AppID) Subsystem allows an authenticated local attacker to trigger memory corruption that can be leveraged to execute arbitrary code with elevated privileges. The flaw is classified as CWE‑122: the overflow can overwrite adjacent heap data and alter control flow, enabling privilege escalation to system level. On successful exploitation, the attacker can gain administrative rights, install persistent malware, and compromise the entire system.
Affected Systems
Microsoft Windows 10 versions 1607, 1809, 21H2, and 22H2; Windows 11 versions 23H2, 24H2, 25H2, and 26H1; and Windows Server releases 2012, 2012 R2, 2016, 2019, 2022, 2025, and the 23H2 Server Core edition. All affected releases include the vulnerable AppID subsystem implementation.
Risk and Exploitability
The CVSS score of 7.8 places the vulnerability in the high‑severity range. No EPSS data is available and the vulnerability is not listed in CISA’s KEV catalog, indicating that no widely available exploit was known at the time of reporting. Exploitation requires local or authenticated access to the target machine. Consequently, staff with routine user privileges are at moderate to high risk: any authorized user who can trigger the defect can elevate to administrator rights. Prompt patching is recommended to mitigate the potentially extensive impact of a successful attack.