CVE-2024-57972 MEDIUM

Vendor Microsoft
Product HoloLens
Weakness CWE-770 · Uncontrolled resource consumption
Published March 6, 2025
Last update March 7, 2025

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource consumption and device unusability) by sending many requests through the Device Portal framework.

Key dates

02 Disclosure timeline

March 6, 2025 CVE published
March 7, 2025 Record updated