CVE-2025-64669

Published Dec 11, 2025

Last updated 17 days ago

CVSS high 7.8
Windows Admin Center

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-64669 is a local privilege escalation vulnerability in Microsoft's Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running WAC 2411 and earlier. The vulnerability stems from insecure directory permissions on the folder C:\ProgramData\WindowsAdminCenter, which is writable by standard users but used by services running with elevated privileges. An authorized attacker can exploit this improper access control to elevate privileges locally. One exploitation chain involves abusing the extension uninstall mechanism by placing a signed PowerShell script in the writable WAC UI directory, which then gets executed with elevated privileges when the corresponding extension is removed. Another path involves hijacking the updater via a DLL loading flaw.

Description: Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_admin_center

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

CWE-284 (source: secure@microsoft.com)

Social media

Hype score: Not currently trending

  1. #exploit 1⃣. CVE-2025-64669: LPE in Windows Admin Center - https://t.co/ysBvbo3McH // A privilege escalation flaw in Windows Admin Center 2.4x allows attackers to execute malicious code with SYSTEM privileges via insecure directory permissions and DLL hijacking 2⃣. Exploit

    @ksg93rd, 18 Dec 2025. 483 impressions, 0 retweets, 5 likes, 2 bookmarks, 0 replies, 0 quotes

  2. Vulnerability in Windows Admin Center enables system access - The security vulnerability registered as CVE-2025-64669 affects numerous enterprise installations and was closed in December 2025 by an official patch. https://t.co/7dD3Lo7Tou #windows

    @KolaricDav5471, 18 Dec 2025. 43 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes

  3. 🚨 BREAKING: Your Windows Admin Center just got exposed CVE-2025-64669 is the privilege escalation nightmare you didn't see coming CVSS: 7.8 Impact: SYSTEM-level access Fix: Patch NOW This one's wild. A thread 🧵👇 https://t.co/4fZmzStpbk #CyberSecurity #InfoSec https:/

    @nxtgen579255, 18 Dec 2025. 61 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes

  4. 🛡️Windows Admin Center, critical security vulnerability; the CVE-2025-64669 vulnerability in Windows Admin Center (WAC) allows attackers to escalate privileges. Versions 2.4.2.1 and 2411 are at risk. Sorun, ProgramData dizinindeki güvensiz izinlerden kayna

    @0mercansiskolu, 17 Dec 2025. 65 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes

  5. Uncovering CVE-2025-64669 in Windows Admin Center https://t.co/jLI27Zk5NP

    @akaclandestine, 17 Dec 2025. 986 impressions, 4 retweets, 6 likes, 2 bookmarks, 0 replies, 0 quotes

  6. Windows Admin Center Flaw (CVE-2025-64669): How a Simple Folder Permission Opened the Door to SYSTEM Access https://t.co/VG3ZTiWcCh

    @Karma_X_Inc, 17 Dec 2025. 1443 impressions, 3 retweets, 16 likes, 5 bookmarks, 0 replies, 0 quotes

  7. Uncovering CVE-2025-64669 in Windows Admin Center - https://t.co/m7eFj8djh8

    @piedpiper1616, 17 Dec 2025. 3647 impressions, 8 retweets, 27 likes, 14 bookmarks, 0 replies, 0 quotes

  8. 🛡️ Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges Source: https://t.co/Or3UhwZLkq A new local privilege escalation vulnerability in Microsoft’s Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running W

    @The_Cyber_News, 16 Dec 2025. 8740 impressions, 76 retweets, 187 likes, 62 bookmarks, 4 replies, 5 quotes

  9. A privilege escalation flaw has been found in Microsoft's Windows Admin Center, and it has emerged that a standard user may be able to seize SYSTEM privileges (CVE-2025-64669). 管理基盤として広く使われる製品だけに、サーバー運用環境全体へ深刻な影響が及

    @yousukezan, 16 Dec 2025. 2440 impressions, 6 retweets, 36 likes, 11 bookmarks, 0 replies, 1 quote

  10. Windows Admin Center flaw CVE-2025-64669 allows local privilege escalation in versions up to 2.4.2.1, due to writable C:\ProgramData\WindowsAdminCenter directory used by high-privilege services. https://t.co/5C0pWeVCWB

    @threatcluster, 16 Dec 2025. 4 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes

  11. CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center https://t.co/tkyB5wdge7

    @_r_netsec, 15 Dec 2025. 2145 impressions, 12 retweets, 19 likes, 14 bookmarks, 0 replies, 0 quotes

References

Sources include official advisories and independent security research.