Vulnerabilities > CVE-2025-29970 - Use After Free vulnerability in Microsoft products

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2025-05-13

Updated: 2025-05-19

Summary

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Part	Description	Count
OS	Microsoft Microsoft Windows Server 2022 23H2 - Microsoft Windows Server 2022 23H2 10.0.25398.521 Microsoft Windows Server 2022 23H2 10.0.25398.531 Microsoft Windows Server 2022 23H2 10.0.25398.584 Microsoft Windows Server 2022 23H2 10.0.25398.643 Microsoft Windows Server 2022 23H2 10.0.25398.709 Microsoft Windows Server 2022 23H2 10.0.25398.763 Microsoft Windows Server 2022 23H2 10.0.25398.830 Microsoft Windows Server 2022 23H2 10.0.25398.887 Microsoft Windows Server 2022 23H2 10.0.25398.950 Microsoft Windows Server 2022 23H2 10.0.25398.1009 Microsoft Windows Server 2022 23H2 10.0.25398.1085 Microsoft Windows Server 2022 23H2 10.0.25398.1128 Microsoft Windows Server 2022 23H2 10.0.25398.1189 Microsoft Windows Server 2022 23H2 10.0.25398.1251 Microsoft Windows Server 2022 23H2 10.0.25398.1308 Microsoft Windows Server 2025 - Microsoft Windows Server 2025 10.0.26100.2314 Microsoft Windows Server 2025 10.0.26100.3107 Microsoft Windows Server 2025 10.0.26100.3403 Microsoft Windows 11 24H2 - Microsoft Windows 11 24H2 10.0.26100.1742 Microsoft Windows 11 24H2 10.0.26100.2033 Microsoft Windows 11 24H2 10.0.26100.2161 Microsoft Windows 11 24H2 10.0.26100.2314 Microsoft Windows 11 24H2 10.0.26100.2454 Microsoft Windows 11 24H2 10.0.26100.2605 Microsoft Windows 11 24H2 10.0.26100.2894 Microsoft Windows 11 24H2 10.0.26100.3107 Microsoft Windows 11 24H2 10.0.26100.3194 Microsoft Windows 11 24H2 10.0.26100.3403	60