Windows SSDP Service Double-Free Flaw (CVE-2025-47975): Privilege Escalation Risk Explained

An in-depth technical breakdown of CVE-2025-47975, a double-free vulnerability in Windows SSDP Service allowing local privilege escalation.

ZeroPath Security Research

2025-07-08

Introduction

Privilege escalation vulnerabilities remain a critical concern for organizations, and the recent discovery of CVE-2025-47975 highlights ongoing risks associated with memory corruption flaws. This vulnerability, affecting the Windows Simple Service Discovery Protocol (SSDP) service, allows attackers with local access to escalate privileges, potentially gaining full system control.

Technical Information

Vulnerability Mechanism

CVE-2025-47975 involves a double-free error (CWE-415) in the Windows SSDP service. Double-free vulnerabilities occur when a program attempts to free memory that has already been freed, leading to memory corruption and potential arbitrary code execution. Specifically, the SSDP service incorrectly handles certain crafted SSDP requests, freeing the same memory block twice.
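
The CWE-415 pattern described above, as an added example that is not part of the original report and not code from the SSDP service: a hypothetical request parser (`request_t`, `copy_line`, `parse_*` and `cleanup_*` are assumed names) whose error path and cleanup path both free the same buffer, shown beside a hardened form that clears the pointer on release.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical request object for illustration; not a structure from SSDPSRV. */
typedef struct {
    char *header;               /* heap copy of the request line */
} request_t;

/* Copy a line to the heap; returns NULL on allocation failure. */
static char *copy_line(const char *line) {
    size_t n = strlen(line) + 1;
    char *p = malloc(n);
    if (p != NULL) memcpy(p, line, n);
    return p;
}

/* VULNERABLE shape (CWE-415): the error path frees req->header but leaves the
 * stale pointer behind, so cleanup_vulnerable() frees the same block again. */
int parse_vulnerable(request_t *req, const char *line, size_t max_len) {
    req->header = copy_line(line);
    if (req->header == NULL) return -1;
    if (strlen(line) > max_len) {
        free(req->header);      /* first free; req->header now dangles */
        return -1;
    }
    return 0;
}
void cleanup_vulnerable(request_t *req) {
    free(req->header);          /* second free when parse_vulnerable() failed */
}

/* HARDENED: release through the owning pointer and clear it, so any later
 * release of the same field is free(NULL), which C defines as a no-op. */
static void release(char **p) {
    free(*p);
    *p = NULL;
}
int parse_hardened(request_t *req, const char *line, size_t max_len) {
    req->header = copy_line(line);
    if (req->header == NULL) return -1;
    if (strlen(line) > max_len) {
        release(&req->header);  /* freed once, pointer cleared */
        return -1;
    }
    return 0;
}
void cleanup_hardened(request_t *req) {
    release(&req->header);      /* safe on every exit path, even if repeated */
}
```

Building the vulnerable pair with AddressSanitizer (`-fsanitize=address`) and driving the failing path reports the second `free` as an attempted double-free, which is how this class of bug is usually caught in testing.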

Attack Vectors

The primary attack vector is local exploitation, where an attacker with existing authenticated access can trigger the double-free condition. By carefully crafting SSDP requests, the attacker can manipulate heap memory, potentially overwriting critical structures or pointers, leading to elevated privileges.

Affected Components

  • Windows SSDP Discovery Service (SSDPSRV)
  • Listening Ports: UDP 1900, TCP 2869

Patch Information

Microsoft addressed CVE-2025-47975 in the July 2025 Patch Tuesday release. Administrators are strongly advised to apply this security update immediately to mitigate the risk of exploitation. The update is available through the Microsoft Update Catalog and standard update management tools.

Affected Systems and Versions

  • All supported versions of Windows running the SSDP Discovery Service are potentially vulnerable.

Vendor Security History

Microsoft consistently addresses vulnerabilities through monthly Patch Tuesday updates. However, memory corruption vulnerabilities such as double-free errors continue to surface, highlighting ongoing challenges in securing legacy services like SSDP.

References

Source: This report was created using AI
