CVE-2025-26665

High

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

secure@microsoft.com·CWE-591·Published 2025-04-08

CVSS

7.0

EPSS

0.00

KEV

Exploits

cve.orgen

135 chars

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

NVDen

135 chars

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally.

NVDes

171 chars

El almacenamiento de datos confidenciales en una memoria bloqueada incorrectamente en Windows upnphost.dll permite que un atacante autorizado eleve privilegios localmente.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.0	—	—	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
3.1	Secondary	NVD	7.0	1.0	5.9