CVE-2025-59512

Published Nov 11, 2025

Last updated 8 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59512 describes an improper access control vulnerability found within the Customer Experience Improvement Program (CEIP). This flaw enables an authorized attacker to locally elevate their privileges. The vulnerability impacts multiple versions of Windows, including Windows 10, Windows 11, and various Windows Server editions.

Description
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_23h2, windows_11_24h2, windows_11_25h2, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-284

Social media

Hype score
Not currently trending

Configurations

References

Sources include official advisories and independent security research.