CVE-2025-27484

{"id": "CVE-2025-27484", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secure@microsoft.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2025-04-08T18:15:59.130", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27484", "source": "secure@microsoft.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secure@microsoft.com", "description": [{"lang": "en", "value": "CWE-591"}]}], "descriptions": [{"lang": "en", "value": "Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network."}, {"lang": "es", "value": "El almacenamiento de datos confidenciales en una memoria bloqueada incorrectamente en el host del dispositivo Universal Plug and Play (UPnP) de Windows permite que un atacante autorizado eleve privilegios en una red."}], "lastModified": "2025-04-09T20:03:01.577", "sourceIdentifier": "secure@microsoft.com"}