CVE-2025-24043: Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability

March 7, 2025 (updated March 12, 2025)

Microsoft is releasing this security advisory to provide information about a vulnerability in WinDbg. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

Improper verification of cryptographic signature in SOS allows an authorized attacker to execute code over a network resulting in Remote Code Execution.

References

github.com/advisories/GHSA-hpw7-8qpc-34p3
github.com/dotnet/diagnostics
github.com/dotnet/diagnostics/releases/tag/v9.0.607501
github.com/dotnet/diagnostics/security/advisories/GHSA-hpw7-8qpc-34p3
msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043
nvd.nist.gov/vuln/detail/CVE-2025-24043

Code Behaviors & Features

Detect and mitigate CVE-2025-24043 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →