cvedb.io
CVE-2025-48819
HIGH · CVSS 7.1
EPSS exploitation probability: 0%
Published 2025-07-08T17:15:46.420 · Last modified 2026-06-17T09:30:22.157

Summary

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Affected products

microsoft — windows_10_1507

Does this affect you?

Add your gear to cvedb and we'll alert you only when microsoft ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.