CVE Alert: CVE-2025-53768 – Microsoft – Windows 10 Version 1809

CVE-2025-53768

Severity: HIGH | No exploitation known

Use after free in Xbox allows an authorized attacker to elevate privileges locally.

CVSS v3.1 (7.8)
Vendor
Microsoft

Affected products and versions (affected range: first affected build up to, but not including, the first fixed build)
Windows 10 Version 1809: 10.0.17763.0 to < 10.0.17763.7919
Windows 10 Version 21H2: 10.0.19044.0 to < 10.0.19044.6456
Windows 11 version 22H2: 10.0.22621.0 to < 10.0.22621.6060
Windows 10 Version 22H2: 10.0.19045.0 to < 10.0.19045.6456
Windows 11 Version 25H2: 10.0.26200.0 to < 10.0.26200.6899
Windows 11 version 22H3: 10.0.22631.0 to < 10.0.22631.6060
Windows 11 Version 23H2: 10.0.22631.0 to < 10.0.22631.6060
Windows 11 Version 24H2: 10.0.26100.0 to < 10.0.26100.6899
Windows 10 Version 1507: 10.0.10240.0 to < 10.0.10240.21161
Windows 10 Version 1607: 10.0.14393.0 to < 10.0.14393.8519
CWE
CWE-416: Use After Free
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Published
2025-10-14T17:00:57.742Z
Updated
2025-10-14T23:55:52.017Z

AI Summary Analysis

Risk verdict

High-severity local privilege escalation risk on affected Windows builds; exploitation is not shown as active.

Why this matters

An attacker with local access could obtain SYSTEM-level control, enabling persistence, data access or modification, and security-control evasion. With widespread Windows deployments across enterprises and consumer devices (including Xbox-integrated setups), the potential impact spans many endpoints and environments.

Most likely attack path

Exploitation requires local access and low attack complexity, with no user interaction required. An authorised or already-authenticated user could trigger a use-after-free in the Xbox IStorageService component, elevating privileges and potentially compromising related processes. The scope remains on the host, and all three core outcomes (confidentiality, integrity, availability) are rated high impact.

Who is most exposed

Devices running affected Windows 10/11 builds across 32-bit, x64, and ARM64, including enterprise workstations and consumer devices with Xbox components, are at risk. Organisations with mixed OS versions should prioritise broad coverage.

Detection ideas

  • Crashes or hang events in IStorageService or connected storage subsystems.
  • Unusual process creations or privilege transitions leading to SYSTEM context.
  • Memory corruption signals, crash dumps, or exploitation indicators in event logs.
  • Anomalous storage-related API calls from non-standard user contexts.

Mitigation and prioritisation

  • Apply all published updates for affected Windows versions; verify deployment before broad rollout.
  • Where patching is delayed, enforce least privilege for local accounts, restrict service access to trusted processes, and harden Xbox-related components where feasible.
  • Enable enhanced memory-safety and monitoring features; ensure robust patch management and asset inventory by OS version and architecture.
  • Change management: schedule testing and phased deployment; track progress and confirm remediation on the targeted devices.
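To support the "verify deployment" and "asset inventory by OS version" items above, the following is an added example (not code from this site or from Microsoft) that compares inventory build strings against the fixed-build table transcribed from this advisory. The hostnames and builds in the sample inventory are constructed; the product names and build ranges are the ones listed on the page. Where the page gives two product names for the same 22631 branch, the first listed name is reported.

```python
import re
from typing import Optional

# Affected ranges transcribed from the advisory above, in the page's own
# "<first affected build> lt <first fixed build>" form.
AFFECTED_RANGES = {
    "Windows 10 Version 1809": "10.0.17763.0 lt 10.0.17763.7919",
    "Windows 10 Version 21H2": "10.0.19044.0 lt 10.0.19044.6456",
    "Windows 11 version 22H2": "10.0.22621.0 lt 10.0.22621.6060",
    "Windows 10 Version 22H2": "10.0.19045.0 lt 10.0.19045.6456",
    "Windows 11 Version 25H2": "10.0.26200.0 lt 10.0.26200.6899",
    "Windows 11 version 22H3": "10.0.22631.0 lt 10.0.22631.6060",
    "Windows 11 Version 23H2": "10.0.22631.0 lt 10.0.22631.6060",
    "Windows 11 Version 24H2": "10.0.26100.0 lt 10.0.26100.6899",
    "Windows 10 Version 1507": "10.0.10240.0 lt 10.0.10240.21161",
    "Windows 10 Version 1607": "10.0.14393.0 lt 10.0.14393.8519",
}

BUILD_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def parse_build(text: str) -> tuple[int, ...]:
    """Turn '10.0.19045.6456' into (10, 0, 19045, 6456) so builds compare numerically."""
    text = text.strip()
    if not BUILD_RE.match(text):
        raise ValueError(f"not a four-part Windows build string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def parse_range(spec: str) -> tuple[tuple[int, ...], tuple[int, ...]]:
    """Split the page's 'lo lt hi' notation into two comparable build tuples."""
    lo, hi = spec.split(" lt ")
    return parse_build(lo), parse_build(hi)


def assess(build: str) -> Optional[tuple[str, str]]:
    """Return (product, first fixed build) if `build` is inside an affected range, else None."""
    b = parse_build(build)
    for product, spec in AFFECTED_RANGES.items():
        lo, hi = parse_range(spec)
        # Same OS branch (first three fields) and an update build revision below the fix.
        if b[:3] == lo[:3] and lo <= b < hi:
            return product, ".".join(str(n) for n in hi)
    return None


def triage(inventory: list[tuple[str, str]]) -> list[dict]:
    """Flag hosts still below the fixed build for their branch; report unparsable entries too."""
    findings = []
    for host, build in inventory:
        try:
            hit = assess(build)
        except ValueError as exc:
            findings.append({"host": host, "build": build, "status": f"unparsed: {exc}"})
            continue
        if hit:
            product, fixed = hit
            findings.append({"host": host, "build": build, "status": "vulnerable",
                             "product": product, "fixed_build": fixed})
    return findings


# Constructed sample inventory: hostnames and builds are made up for illustration.
SAMPLE_INVENTORY = [
    ("ws-001", "10.0.19045.6455"),  # Windows 10 22H2, one revision below the fix
    ("ws-002", "10.0.19045.6456"),  # exactly the fixed build: not flagged
    ("ws-003", "10.0.26100.4000"),  # Windows 11 24H2, unpatched
    ("ws-004", "10.0.17763.9000"),  # Windows 10 1809, already above the fixed build
    ("ws-005", "10.0.20348.1"),     # branch not listed on this advisory: not flagged
    ("ws-006", "19045"),            # malformed inventory entry, reported separately
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

Feed it the OS build column of whatever inventory export you already have (the four-part `10.0.<build>.<revision>` string); a host is flagged only when its branch is one listed here and its revision is below the fixed build, so branches the advisory does not name are deliberately left unjudged rather than assumed safe. Confirm the fixed-build numbers against the vendor's own advisory before using the output to close tickets.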
