CVE-2025-59278

HIGH

Windows Authentication Methods - Privilege Escalation

Title source: llm
STIX 2.1

Description

Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0009
EPSS Percentile 25.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-1287
Status published
Products (17)
microsoft/windows_10_1507 < 10.0.10240.21161
microsoft/windows_10_1607 < 10.0.14393.8519
microsoft/windows_10_1809 < 10.0.17763.7919
microsoft/windows_10_21h2 < 10.0.19044.6456
microsoft/windows_10_22h2 < 10.0.19045.6456
microsoft/windows_11_22h2 < 10.0.22621.6060
microsoft/windows_11_23h2 < 10.0.22631.6060
microsoft/windows_11_24h2 < 10.0.26100.6899
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
... and 7 more
Published Oct 14, 2025
Tracked Since Feb 18, 2026