CVE-2025-59258

Опубликовано: 14 окт. 2025

Источник: msrc

CVSS3: 6.2

EPSS Низкий

Описание

Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.

FAQ

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could obtain Single Sign-On (SSO) cookies in ADFS logs.

Обновления

Продукт	Статья	Обновление
Windows Server 2012	5066875	Monthly Rollup
Windows Server 2012 (Server Core installation)	5066875	Monthly Rollup
Windows Server 2012 R2	5066873	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5066873	Monthly Rollup
Windows Server 2016	5066836	Security Update
Windows Server 2016 (Server Core installation)	5066836	Security Update
Windows Server 2019	5066586	Security Update
Windows Server 2019 (Server Core installation)	5066586	Security Update
Windows Server 2022	5066782	Security Update
Windows Server 2022 (Server Core installation)	5066782	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 21%

0.00067

Низкий

6.2 Medium

CVSS3

Связанные уязвимости

CVE-2025-59258

CVSS3: 6.2

nvd

19 дней назад

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.

GHSA-fp3r-vj8x-58ww

CVSS3: 6.2

github

19 дней назад

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.

BDU:2025-13009

CVSS3: 6.2

fstec

20 дней назад

Уязвимость службы Active Directory Federation Services (AD FS) операционных систем Windows, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 21%

0.00067

Низкий

6.2 Medium

CVSS3