CVE-2025-59511

HIGH

Windows WLAN Service - Privilege Escalation

Title source: llm
STIX 2.1

Description

External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0012
EPSS Percentile 30.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-73
Status published
Products (10)
microsoft/windows_10_1809 < 10.0.17763.8027 (2 CPE variants)
microsoft/windows_10_21h2 < 10.0.19044.6575
microsoft/windows_10_22h2 < 10.0.19045.6575
microsoft/windows_11_23h2 < 10.0.22631.6199
microsoft/windows_11_24h2 < 10.0.26100.7092
microsoft/windows_11_25h2 < 10.0.26200.7092
microsoft/windows_server_2019 < 10.0.17763.8027
microsoft/windows_server_2022 < 10.0.20348.4346
microsoft/windows_server_2022_23h2 < 10.0.25398.1965
microsoft/windows_server_2025 < 10.0.26100.7092
Published Nov 11, 2025
Tracked Since Feb 18, 2026