CVE-2025-59282

Published Oct 14, 2025

Last updated a month ago

CVSS high 7.0
IIS

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59282 is a vulnerability affecting Internet Information Services (IIS) Inbox COM Objects. It stems from a race condition (CWE-362) and a use-after-free scenario (CWE-416) within shared memory components. The vulnerability is due to concurrent execution using a shared resource with improper synchronization. An attacker could exploit this vulnerability to execute code locally. This requires the attacker to craft a malicious file and trick a local user into opening it. Successful exploitation could allow arbitrary code execution with elevated privileges on the same machine.

Description
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-362
nvd@nist.gov
CWE-362

Social media

Hype score
Not currently trending

  1. 🛡️ Tu servidor web de Windows podría ser la puerta de entrada al próximo ataque Microsoft reveló una falla crítica (CVE-2025-59282) en Servicios de Información de Internet (IIS) El IIS es el servidor web integrado en Windows Server. Se requiere que un usuario abra u

    @CycuraMX

    19 Oct 2025

    4486 Impressions

    24 Retweets

    76 Likes

    39 Bookmarks

    3 Replies

    0 Quotes

  2. Vulnerabilidad crítica en Microsoft IIS ⚠️ CVE-2025-59282 https://t.co/6t60GcY7Ji

    @IngAbreuOrtiz

    18 Oct 2025

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Vulnerabilidad crítica en Microsoft IIS ⚠️ CVE-2025-59282 https://t.co/inif2JTajj https://t.co/UU8eTT73Qj

    @elhackernet

    18 Oct 2025

    11488 Impressions

    59 Retweets

    198 Likes

    61 Bookmarks

    1 Reply

    1 Quote

  4. Microsoft discloses critical IIS vulnerability (CVE-2025-59282) allowing remote code execution. Organizations urged to apply patches promptly. Link: https://t.co/yqcRFAX8T2 #Security #Microsoft #IIS #CVE #Patch #Update #Remote #Code #Execution #Risk #Threat #Exploit #Servers

    @dailytechonx

    16 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 #CVE-2025-59282: New #Microsoft IIS Vulnerability Exposes Systems to Local Code Execution Risk https://t.co/CWi8fUWUfq

    @UndercodeNews

    15 Oct 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. MicrosoftのIISに重大なコード実行脆弱性、CVE-2025-59282が報告された。競合状態とuse-after-freeを悪用し、IISのCOMオブジェクト処理を通じて任意コード実行が可能になる恐れがある。

    @yousukezan

    15 Oct 2025

    1377 Impressions

    0 Retweets

    8 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.