CVE-2025-53136

MEDIUM

Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - Authenticated Information Disclosure in NT OS Kernel

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-53136. PoCs published by nu1lptr0.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2025-53136, a kernel information disclosure vulnerability in Windows. The exploit leverages a race condition in token handling to leak kernel memory addresses, specifically targeting the _TOKEN structure.

Description

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

Exploits (1)

nomisec WORKING POC 32 stars

by nu1lptr0 · poc

https://github.com/nu1lptr0/CVE-2025-53136

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2025-53136, a kernel information disclosure vulnerability in Windows. The exploit leverages a race condition in token handling to leak kernel memory addresses, specifically targeting the _TOKEN structure.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Racy

Target: Microsoft Windows Kernel

No auth needed

Prerequisites: Access to a vulnerable Windows system · Ability to execute unprivileged code

MITRE ATT&CK

T1082 - System Information Discovery T1069 - Permission Groups Discovery

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53136

Scores

CVSS v3 5.5

EPSS 0.0086

EPSS Percentile 53.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (17)

microsoft/windows_10_1507 < 10.0.10240.21100 (2 CPE variants)

microsoft/windows_10_1607 < 10.0.14393.8330 (2 CPE variants)

microsoft/windows_10_1809 < 10.0.17763.7678 (2 CPE variants)

microsoft/windows_10_21h2 < 10.0.19044.6216

microsoft/windows_10_22h2 < 10.0.19045.6216

microsoft/windows_11_22h2 < 10.0.22621.5768

microsoft/windows_11_23h2 < 10.0.22631.5768

microsoft/windows_11_24h2 < 10.0.26100.4851

microsoft/windows_server_2008 (2 CPE variants)

microsoft/windows_server_2008 r2 sp1

... and 7 more

Published Aug 12, 2025

Tracked Since Feb 18, 2026