cve-2025-53149
About this tag
CVE-2025-53149 is a kernel-mode vulnerability in the Windows Kernel Streaming WOW Thunk Service Driver (ks.sys). It is a heap-based buffer overflow that can be exploited by a locally authenticated attacker to escalate privileges to SYSTEM. Although the specific CVE identifier may not appear in all public tracking databases, the flaw is part of a broader set of kernel-streaming bugs that highlight an active attack surface in the WOW thunking code. Microsoft has released patches to address this vulnerability. Users are advised to apply the latest security updates to mitigate the risk of local privilege escalation.
Microsoft has released patches for a kernel-mode flaw in the Kernel Streaming WOW Thunk Service Driver—an exploitable heap-based buffer overflow that can allow a locally authorized attacker to escalate privileges to SYSTEM—though the CVE identifier you supplied (CVE-2025-53149) does not appear...