CVE-2025-53136

MEDIUM

Microsoft Windows 10 1507 < 10.0.10240.21100 - Information Disclosure

Title source: rule

Description

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

Exploits (1)

nomisec WORKING POC 32 stars
by nu1lptr0 · poc
https://github.com/nu1lptr0/CVE-2025-53136

References (1)

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 19.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (17)
microsoft/windows_10_1507 < 10.0.10240.21100 (2 CPE variants)
microsoft/windows_10_1607 < 10.0.14393.8330 (2 CPE variants)
microsoft/windows_10_1809 < 10.0.17763.7678 (2 CPE variants)
microsoft/windows_10_21h2 < 10.0.19044.6216
microsoft/windows_10_22h2 < 10.0.19045.6216
microsoft/windows_11_22h2 < 10.0.22621.5768
microsoft/windows_11_23h2 < 10.0.22631.5768
microsoft/windows_11_24h2 < 10.0.26100.4851
microsoft/windows_server_2008 (2 CPE variants)
microsoft/windows_server_2008 r2 sp1
... and 7 more
Published Aug 12, 2025
Tracked Since Feb 18, 2026