Windows 0-day vulnerability exploited by hackers for over two years


The vulnerability, identified as CVE-2025-24983 (CVSS score 7), is related to privilege escalation in the Windows Win32 kernel subsystem. According to Microsoft, this use-after-free issue allows local attackers to gain SYSTEM privileges by triggering a race condition and successfully exploiting it. The bug was fixed as part of the March Patch Tuesday earlier this week.

According to ESET, which discovered the vulnerability, the 0-day exploit for CVE-2025-24983 was first seen back in March 2023 on systems compromised by the PipeMagic malware.

The exploit only targeted older versions of Windows (Windows Server 2012 R2 and Windows 8.1), which Microsoft no longer supports. However, the vulnerability also affects newer versions of Windows, including the still-supported Windows Server 2016 and Windows 10 (build 1809 and earlier).

"This use-after-free vulnerability is related to the incorrect use of memory during software operation. This can lead to software failures, malicious code execution (including remote execution), privilege escalation, or data corruption," ESET says. "The exploit was deployed via the PipeMagic backdoor, which is capable of stealing data and providing remote access to the machine."

The aforementioned PipeMagic malware was discovered by Kaspersky Lab experts back in 2022. The malware is capable of collecting sensitive data, providing attackers with full remote access to infected devices, and deploying additional payloads for lateral movement across victim networks.

In 2023, Kaspersky Lab researchers observed PipeMagic being used in Nokoyawa ransomware attacks, where attackers exploited another Windows zero-day privilege escalation vulnerability, this one in the Common Log File System driver (CVE-2023-28252).
