Search criteria
4950 vulnerabilities found for windows_11_22h2 by microsoft
FKIE_CVE-2025-62209
Vulnerability from fkie_nvd - Published: 2025-11-11 18:15 - Updated: 2025-11-17 17:40
Severity ?
Summary
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A",
"versionEndExcluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally."
}
],
"id": "CVE-2025-62209",
"lastModified": "2025-11-17T17:40:05.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-11-11T18:15:48.100",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-62208
Vulnerability from fkie_nvd - Published: 2025-11-11 18:15 - Updated: 2025-11-17 17:40
Severity ?
Summary
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A",
"versionEndExcluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally."
}
],
"id": "CVE-2025-62208",
"lastModified": "2025-11-17T17:40:13.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-11-11T18:15:47.923",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-59502
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-22 16:37
Severity ?
Summary
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59502 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93FE8D22-70E3-4BDD-A6AA-D1EBAEBA9D2C",
"versionEndExcluding": "10.0.17763.7792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6EFA39-1D7C-4663-A412-AA6802FB27E8",
"versionEndExcluding": "10.0.19044.6332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F6F341-FC2F-4629-8259-C5F8CC8E2EB3",
"versionEndExcluding": "10.0.19045.6332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86480500-CDA6-4F8F-9B8C-F3FC77B15F67",
"versionEndExcluding": "10.0.22621.5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6C6080-3904-45F2-897E-F6583DB4A70A",
"versionEndExcluding": "10.0.22631.5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1B4513-36E7-4DCD-96B3-A56184D37C87",
"versionEndExcluding": "10.0.26100.6508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07163682-D393-40AF-BEDD-CDD996C941ED",
"versionEndExcluding": "10.0.17763.7792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE7D988-2ABE-4833-AFEB-90926E10B8EB",
"versionEndExcluding": "10.0.20348.4106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "986B3446-8F5A-4D4C-A240-7052ED135E5B",
"versionEndExcluding": "10.0.25398.1849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DF196D-36BE-4A48-844E-E1D8405A9E1A",
"versionEndExcluding": "10.0.26100.6508",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network."
}
],
"id": "CVE-2025-59502",
"lastModified": "2025-10-22T16:37:25.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:14.030",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59502"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59289
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-22 16:45
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59289 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6EFA39-1D7C-4663-A412-AA6802FB27E8",
"versionEndExcluding": "10.0.19044.6332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F6F341-FC2F-4629-8259-C5F8CC8E2EB3",
"versionEndExcluding": "10.0.19045.6332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86480500-CDA6-4F8F-9B8C-F3FC77B15F67",
"versionEndExcluding": "10.0.22621.5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6C6080-3904-45F2-897E-F6583DB4A70A",
"versionEndExcluding": "10.0.22631.5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1B4513-36E7-4DCD-96B3-A56184D37C87",
"versionEndExcluding": "10.0.26100.6508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE7D988-2ABE-4833-AFEB-90926E10B8EB",
"versionEndExcluding": "10.0.20348.4106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "986B3446-8F5A-4D4C-A240-7052ED135E5B",
"versionEndExcluding": "10.0.25398.1849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DF196D-36BE-4A48-844E-E1D8405A9E1A",
"versionEndExcluding": "10.0.26100.6508",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59289",
"lastModified": "2025-10-22T16:45:33.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:12.000",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59289"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59290
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-22 16:45
Severity ?
Summary
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59290 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10_21h2 | * | |
| microsoft | windows_10_22h2 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6EFA39-1D7C-4663-A412-AA6802FB27E8",
"versionEndExcluding": "10.0.19044.6332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45F6F341-FC2F-4629-8259-C5F8CC8E2EB3",
"versionEndExcluding": "10.0.19045.6332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86480500-CDA6-4F8F-9B8C-F3FC77B15F67",
"versionEndExcluding": "10.0.22621.5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6C6080-3904-45F2-897E-F6583DB4A70A",
"versionEndExcluding": "10.0.22631.5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1B4513-36E7-4DCD-96B3-A56184D37C87",
"versionEndExcluding": "10.0.26100.6508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE7D988-2ABE-4833-AFEB-90926E10B8EB",
"versionEndExcluding": "10.0.20348.4106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "986B3446-8F5A-4D4C-A240-7052ED135E5B",
"versionEndExcluding": "10.0.25398.1849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DF196D-36BE-4A48-844E-E1D8405A9E1A",
"versionEndExcluding": "10.0.26100.6508",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59290",
"lastModified": "2025-10-22T16:45:05.803",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:12.180",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59290"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59294
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-22 16:44
Severity ?
2.1 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59294 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5EB1D1-8C53-4188-90B9-8ED2FD2837BD",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE9E60-F2F1-43F2-A535-5326E903D219",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51B700D-B45F-4A8E-9F78-67A1282B3BEA",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A",
"versionEndExcluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack."
}
],
"id": "CVE-2025-59294",
"lastModified": "2025-10-22T16:44:40.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:12.677",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59294"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59295
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:30
Severity ?
Summary
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59295 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network."
}
],
"id": "CVE-2025-59295",
"lastModified": "2025-10-17T15:30:47.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:12.850",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59295"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59282
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-27 19:44
Severity ?
Summary
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59282 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5EB1D1-8C53-4188-90B9-8ED2FD2837BD",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE9E60-F2F1-43F2-A535-5326E903D219",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51B700D-B45F-4A8E-9F78-67A1282B3BEA",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E51C284A-9D3D-4933-B4F0-954A0D43073A",
"versionEndIncluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Inbox COM Objects allows an unauthorized attacker to execute code locally."
}
],
"id": "CVE-2025-59282",
"lastModified": "2025-10-27T19:44:11.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:11.110",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59282"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59284
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-27 19:39
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59284 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_11_25h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A",
"versionEndExcluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally."
}
],
"id": "CVE-2025-59284",
"lastModified": "2025-10-27T19:39:57.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:11.290",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59284"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59280
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-20 19:50
Severity ?
Summary
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59280 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network."
}
],
"id": "CVE-2025-59280",
"lastModified": "2025-10-20T19:50:15.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:10.433",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59280"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59278
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-27 19:44
Severity ?
Summary
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59278 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5EB1D1-8C53-4188-90B9-8ED2FD2837BD",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE9E60-F2F1-43F2-A535-5326E903D219",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51B700D-B45F-4A8E-9F78-67A1282B3BEA",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A",
"versionEndExcluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59278",
"lastModified": "2025-10-27T19:44:49.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:10.217",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59278"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1287"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59261
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:52
Severity ?
Summary
Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59261 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_11_23h2 | * | |
| microsoft | windows_11_24h2 | * | |
| microsoft | windows_11_25h2 | * | |
| microsoft | windows_server_2022 | * | |
| microsoft | windows_server_2022_23h2 | * | |
| microsoft | windows_server_2025 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59261",
"lastModified": "2025-10-17T15:52:53.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:09.300",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59261"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59275
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-27 20:12
Severity ?
Summary
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59275 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5EB1D1-8C53-4188-90B9-8ED2FD2837BD",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE9E60-F2F1-43F2-A535-5326E903D219",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51B700D-B45F-4A8E-9F78-67A1282B3BEA",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A",
"versionEndExcluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59275",
"lastModified": "2025-10-27T20:12:00.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:09.650",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59275"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-1287"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59277
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-27 20:11
Severity ?
Summary
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59277 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5EB1D1-8C53-4188-90B9-8ED2FD2837BD",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6CE9E60-F2F1-43F2-A535-5326E903D219",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51B700D-B45F-4A8E-9F78-67A1282B3BEA",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A",
"versionEndExcluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59277",
"lastModified": "2025-10-27T20:11:46.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:09.873",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59277"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1287"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59259
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-20 19:49
Severity ?
Summary
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59259 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network."
}
],
"id": "CVE-2025-59259",
"lastModified": "2025-10-20T19:49:50.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:08.643",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59259"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1287"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59253
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:22
Severity ?
Summary
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59253 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally."
}
],
"id": "CVE-2025-59253",
"lastModified": "2025-10-17T15:22:14.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:07.503",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59253"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59255
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:28
Severity ?
Summary
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59255 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59255",
"lastModified": "2025-10-17T15:28:45.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:07.923",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59255"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59254
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:25
Severity ?
Summary
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59254 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59254",
"lastModified": "2025-10-17T15:25:36.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:07.703",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59254"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59244
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:18
Severity ?
Summary
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59244 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network."
}
],
"id": "CVE-2025-59244",
"lastModified": "2025-10-17T15:18:24.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:06.577",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59244"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59242
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:18
Severity ?
Summary
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59242 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59242",
"lastModified": "2025-10-17T15:18:10.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:06.207",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59242"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59230
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-12-03 13:47
Severity ?
Summary
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
References
Impacted products
{
"cisaActionDue": "2025-11-04",
"cisaExploitAdd": "2025-10-14",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft Windows Improper Access Control Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally."
}
],
"id": "CVE-2025-59230",
"lastModified": "2025-12-03T13:47:09.720",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-10-14T17:16:04.173",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-59214
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-21 16:15
Severity ?
Summary
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network."
}
],
"id": "CVE-2025-59214",
"lastModified": "2025-10-21T16:15:37.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-10-14T17:16:02.020",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cymulate.com/blog/ntlm-leak-cve-2025-59214/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/rubenformation/CVE-2025-50154/"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-59209
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:21
Severity ?
Summary
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59209 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally."
}
],
"id": "CVE-2025-59209",
"lastModified": "2025-10-17T15:21:26.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:01.163",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59209"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59211
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:19
Severity ?
Summary
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59211 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "030F3214-D6AF-40A9-9FC9-523AC9870581",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "4932CB20-D134-4EDF-8F21-F9D0AF80BFEA",
"versionEndExcluding": "10.0.10240.21161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D8145D41-BFB2-47A6-B5E5-1A038A27C1C1",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "3EE0CDB1-CBF3-45F2-8F0B-96A9D0757B42",
"versionEndExcluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12",
"versionEndIncluding": "10.0.14393.8519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally."
}
],
"id": "CVE-2025-59211",
"lastModified": "2025-10-17T15:19:59.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:01.587",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59211"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-59204
Vulnerability from fkie_nvd - Published: 2025-10-14 17:16 - Updated: 2025-10-17 15:26
Severity ?
Summary
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59204 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F",
"versionEndExcluding": "10.0.19044.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F",
"versionEndExcluding": "10.0.19045.6456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A",
"versionEndExcluding": "10.0.22621.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4",
"versionEndIncluding": "10.0.22631.6060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D",
"versionEndExcluding": "10.0.26100.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5",
"versionEndExcluding": "10.0.26200.6899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A",
"versionEndExcluding": "10.0.17763.7919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7",
"versionEndExcluding": "10.0.20348.4294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600",
"versionEndExcluding": "10.0.25398.1913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41",
"versionEndIncluding": "10.0.26100.6899",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally."
}
],
"id": "CVE-2025-59204",
"lastModified": "2025-10-17T15:26:37.817",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-10-14T17:16:00.253",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59204"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
CVE-2025-62209 (GCVE-0-2025-62209)
Vulnerability from cvelistv5 – Published: 2025-11-11 17:59 – Updated: 2025-11-26 00:20
VLAI?
Summary
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:45:11.438661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T14:45:18.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4294",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6456",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.6060",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6456",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.6899",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1913",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.21161",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4294",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6456",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.6060",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6456",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.6899",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1913",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.21161",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-11-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T00:20:44.510Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows License Manager Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209"
}
],
"title": "Windows License Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-62209",
"datePublished": "2025-11-11T17:59:45.904Z",
"dateReserved": "2025-10-08T20:10:09.346Z",
"dateUpdated": "2025-11-26T00:20:44.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62208 (GCVE-0-2025-62208)
Vulnerability from cvelistv5 – Published: 2025-11-11 17:59 – Updated: 2025-11-26 00:20
VLAI?
Summary
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:45:39.685886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T14:45:49.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4294",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6456",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.6060",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6456",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.6899",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1913",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.21161",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4294",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6456",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.6060",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6456",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.6899",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1913",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.21161",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-11-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T00:20:44.018Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows License Manager Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208"
}
],
"title": "Windows License Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-62208",
"datePublished": "2025-11-11T17:59:45.339Z",
"dateReserved": "2025-10-08T20:10:09.346Z",
"dateUpdated": "2025-11-26T00:20:44.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62209 (GCVE-0-2025-62209)
Vulnerability from nvd – Published: 2025-11-11 17:59 – Updated: 2025-11-26 00:20
VLAI?
Summary
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:45:11.438661Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T14:45:18.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4294",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6456",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.6060",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6456",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.6899",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1913",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.21161",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4294",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6456",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.6060",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6456",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.6899",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1913",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.21161",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-11-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T00:20:44.510Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows License Manager Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62209"
}
],
"title": "Windows License Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-62209",
"datePublished": "2025-11-11T17:59:45.904Z",
"dateReserved": "2025-10-08T20:10:09.346Z",
"dateUpdated": "2025-11-26T00:20:44.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62208 (GCVE-0-2025-62208)
Vulnerability from nvd – Published: 2025-11-11 17:59 – Updated: 2025-11-26 00:20
VLAI?
Summary
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62208",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:45:39.685886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T14:45:49.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4294",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6456",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.6060",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6456",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.6899",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1913",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.21161",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4294",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6456",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.6060",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6456",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.6899",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1913",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.21161",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-11-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T00:20:44.018Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows License Manager Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62208"
}
],
"title": "Windows License Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-62208",
"datePublished": "2025-11-11T17:59:45.339Z",
"dateReserved": "2025-10-08T20:10:09.346Z",
"dateUpdated": "2025-11-26T00:20:44.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59230 (GCVE-0-2025-59230)
Vulnerability from nvd – Published: 2025-10-14 17:01 – Updated: 2025-12-02 17:10
VLAI?
Summary
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.7919
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59230",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T03:56:12.791568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:16.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59230"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-02T17:10:52.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-59230-detection-script-elevation-of-privilege-vulnerability-affecting-windows-rasman"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-59230-mitigation-script-elevation-of-privilege-vulnerability-affecting-windows-rasman"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.7919",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4294",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6456",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.6060",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6456",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.6899",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6060",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.1913",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.6899",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1507",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.10240.21161",
"status": "affected",
"version": "10.0.10240.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8519",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.23571",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.23571",
"status": "affected",
"version": "6.0.6003.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.27974",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.27974",
"status": "affected",
"version": "6.1.7601.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25722",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25722",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.22824",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.22824",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.7919",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4294",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6456",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.6060",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6456",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.6899",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6060",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1913",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.6899",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.21161",
"versionStartIncluding": "10.0.10240.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8519",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.23571",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.0.6003.23571",
"versionStartIncluding": "6.0.6003.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.27974",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.1.7601.27974",
"versionStartIncluding": "6.1.7601.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25722",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25722",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.22824",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.22824",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-10-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T04:09:46.982Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Windows Remote Access Connection Manager Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230"
}
],
"title": "Windows Remote Access Connection Manager Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-59230",
"datePublished": "2025-10-14T17:01:43.397Z",
"dateReserved": "2025-09-11T00:32:30.952Z",
"dateUpdated": "2025-12-02T17:10:52.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}