Windows Heap Buffer Overflow Vulnerability Allows Attackers to Gain Elevated Privileges
gbhackers
A critical security vulnerability has been discovered in Microsoft Windows systems that allows attackers to escalate their privileges and potentially gain complete control over affected machines.
The vulnerability, designated CVE-2025-53149, affects the Kernel Streaming WOW Thunk Service Driver and was patched by Microsoft in August 2025.
Vulnerability Overview
The security flaw is a heap-based buffer overflow located in the ksthunk.sys driver, specifically within the CKSAutomationThunk::HandleArrayProperty() function.
This vulnerability allows authorized users with low-level privileges to escalate their access to system-level permissions, potentially compromising the entire Windows installation.
| Attribute | Details |
| --- | --- |
| CVE ID | CVE-2025-53149 |
| Vulnerability Type | Heap-based Buffer Overflow |
| Component | Kernel Streaming WOW Thunk Service Driver (ksthunk.sys) |
| CVSS Score | 7.8 (High) |
Security researchers from Crowdfense discovered the vulnerability during their routine analysis of Windows internals.
The affected component, ksthunk.sys, serves as a critical bridge between 32-bit user applications and 64-bit kernel drivers in Windows systems, making it ...
Copyright of this story solely belongs to gbhackers.