CVE-2025-62458
win32k.sys — elevation of privilege
Summary
| Field | Value |
|---|---|
| Driver | win32k.sys |
| Vulnerability Class | Elevation of Privilege |
| CVSS | 7.8 |
| Exploited ITW | No |
| Patch Date | December 9, 2025 |
Root Cause
A vulnerability in the Win32 Kernel Subsystem allows a local attacker to escalate privileges. The exact root cause has not been publicly detailed beyond Microsoft's advisory.
Exploitation
The attacker sends crafted Win32k system calls to reach SYSTEM.
Exploitation Primitive
Crafted Win32k syscall → kernel vulnerability → SYSTEM