CVE-2025-59277

Опубликовано: 14 окт. 2025

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Windows Authentication Elevation of Privilege Vulnerability

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

FAQ

How could an attacker exploit this vulnerability?

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain administrator privileges.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5066874 5066877	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5066874 5066877	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5066874 5066877	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5066872 5066876	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5066872 5066876	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5066874 5066877	Monthly Rollup Security Only
Windows Server 2012	5066875	Monthly Rollup
Windows Server 2012 (Server Core installation)	5066875	Monthly Rollup
Windows Server 2012 R2	5066873	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5066873	Monthly Rollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

EPSS

Процентиль: 23%

0.00073

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2025-59277

CVSS3: 7.8

nvd

19 дней назад

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

GHSA-f6rp-fg8w-f27c

CVSS3: 7.8

github

19 дней назад

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

EPSS

Процентиль: 23%

0.00073

Низкий

7.8 High

CVSS3