Microsoft Windows Server 2025
Moderate fix1 remedy
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*
Moderate fix1 remedy
Microsoft Windows Connected Devices Platform Service Remote Code Execution Vulnerability
Vulnerability
A use-after-free vulnerability has been identified in the Connected Devices Platform Service (Cdpsvc) on Microsoft Windows. This vulnerability allows an unauthorized attacker to execute code remotely over the network. It affects several different versions and ranges of Windows, including Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022. The vulnerability arises from improper memory management, leading to a use-after-free condition that can be exploited to execute arbitrary code.
Impact
Exploitation of this vulnerability allows for remote code execution on the affected system.
Remediation
Users can apply the security update KB5066791 for Windows 10, KB5066793 for Windows 11, KB5066782 for Windows Server 2022, KB5066586 for Windows Server 2019, and KB5066835 for Windows Server 2025. These security updates can be downloaded via the Microsoft Update Catalog.
Added: Oct 14, 2025, 8:06 PM
Updated: Oct 14, 2025, 8:06 PM
Vulnerability Rating
Custom Algorithm
spread
8.4impact
7.5exploitability
4.4remediation
7.7relevance
0.7threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.