CVE-2025-59284

LOW

Windows 11 22H2-25H2 and Windows Server 2025 - Unauthorized Sensitive Information Exposure via NTLM Spoofing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-59284. PoCs published by lytnc.

AI-analyzed exploit summary: The repository contains a functional PoC for CVE-2025-59284, which exploits a vulnerability in libarchive by crafting a malicious tar file with a symbolic link. The PoC generates a tar file with a manipulated header to trigger the vulnerability.

Description

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

Exploits (1)

nomisec WORKING POC
by lytnc · poc
https://github.com/lytnc/CVE-2025-59284-PoC

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: libarchive (version not specified)
No auth needed
Prerequisites: Ability to create and deliver a malicious tar file to the target system
devstral-2 · analyzed Mar 13, 2026

Scores

CVSS v3: 3.3
EPSS: 0.0094
EPSS Percentile: 56.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-200
Status: published
Products (5):
microsoft/windows_11_22h2 < 10.0.22621.6060
microsoft/windows_11_23h2 < 10.0.22631.6060
microsoft/windows_11_24h2 < 10.0.26100.6899
microsoft/windows_11_25h2 < 10.0.26200.6899
microsoft/windows_server_2025 < 10.0.26100.6899
Published: Oct 14, 2025
Tracked Since: Feb 18, 2026