CVE-2025-59194

Published Oct 14, 2025

Last updated 7 months ago

CVSS high 7.0

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59194 is a vulnerability found within the Windows Kernel that allows for local privilege escalation. This flaw stems from the use of an uninitialized resource within the kernel, which an authorized attacker can exploit to elevate their privileges on the affected system. The vulnerability impacts several versions of Microsoft's operating systems, including various editions of Windows 11 (versions 22H2, 22H3, 23H2, 24H2, and 25H2) and Windows Server (2022 23H2 Edition and 2025).

Description
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-908

Social media

Hype score
Not currently trending

  1. Should be no obstacle anymore to write CVE-2025-59194 write up

    @shiromewo

    3 Jun 2026

    684 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable.CVE-2026-45585
  2. Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.CVE-2026-42896
  3. Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.CVE-2026-42825
  4. Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.CVE-2026-41097
  5. Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.CVE-2026-41096

References

Sources include official advisories and independent security research.