CVE-2025-59282

Published Oct 14, 2025

Last updated 7 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59282 is a vulnerability affecting Internet Information Services (IIS) Inbox COM Objects. It stems from a race condition (CWE-362) and a use-after-free scenario (CWE-416) within shared memory components. The vulnerability is due to concurrent execution using a shared resource with improper synchronization. An attacker could exploit this vulnerability to execute code locally. This requires the attacker to craft a malicious file and trick a local user into opening it. Successful exploitation could allow arbitrary code execution with elevated privileges on the same machine.

Description: Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Source: secure@microsoft.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-362

Social media

Hype score: Not currently trending
  1. 🛡️ Your Windows web server could be the gateway to the next attack. Microsoft disclosed a critical flaw (CVE-2025-59282) in Internet Information Services (IIS). IIS is the web server built into Windows Server. A user is required to open

    @CycuraMX

    19 Oct 2025

    4486 Impressions

    24 Retweets

    76 Likes

    39 Bookmarks

    3 Replies

    0 Quotes

  2. Critical vulnerability in Microsoft IIS ⚠️ CVE-2025-59282 https://t.co/6t60GcY7Ji

    @IngAbreuOrtiz

    18 Oct 2025

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Critical vulnerability in Microsoft IIS ⚠️ CVE-2025-59282 https://t.co/inif2JTajj https://t.co/UU8eTT73Qj

    @elhackernet

    18 Oct 2025

    11488 Impressions

    59 Retweets

    198 Likes

    61 Bookmarks

    1 Reply

    1 Quote

  4. Microsoft discloses critical IIS vulnerability (CVE-2025-59282) allowing remote code execution. Organizations urged to apply patches promptly. Link: https://t.co/yqcRFAX8T2 #Security #Microsoft #IIS #CVE #Patch #Update #Remote #Code #Execution #Risk #Threat #Exploit #Servers

    @dailytechonx

    16 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 #CVE-2025-59282: New #Microsoft IIS Vulnerability Exposes Systems to Local Code Execution Risk https://t.co/CWi8fUWUfq

    @UndercodeNews

    15 Oct 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

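  6. A serious code execution vulnerability in Microsoft's IIS, CVE-2025-59282, has been reported. By exploiting a race condition and use-after-free, arbitrary code execution may become possible through IIS's COM object handling.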

    @yousukezan

    15 Oct 2025

    1377 Impressions

    0 Retweets

    8 Likes

    3 Bookmarks

    0 Replies

    0 Quotes
