CVE-2025-49734

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-49734

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49734.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-49734

Aliases

BIT-powershell-2025-49734

Published

2025-09-09T17:15:48Z

Modified

2025-10-22T16:18:04.536896Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49734

Affected packages

Git / github.com/powershell/powershell

Affected ranges

Type: GIT
Repo: https://github.com/powershell/powershell
Events: Introduced

1393d167f54466ec60c547b56f0c4d8326da7dc8

Fixed

94beb9aebf68618babb191714e2872002984b2b0

Affected versions

v7.*

v7.4.0

v7.4.1

v7.4.10

v7.4.11

v7.4.2

v7.4.3

v7.4.4

v7.4.5

v7.4.6

v7.4.7

v7.4.8

v7.4.9