CVE-2025-64669

Published Dec 11, 2025

Last updated 4 months ago

CVSS high 7.8
Windows Admin Center

Overview

Description
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_admin_center

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-284

Social media

Hype score
Not currently trending

  1. #VulnerabilityReport #CVE202564669 Windows Admin Center Flaw (CVE-2025-64669): How a Simple Folder Permission Opened the Door to SYSTEM Access https://t.co/jQePHif7Gy

    @Komodosec

    23 Jan 2026

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ Vulnerabilidad en productos Microsoft ❗ CVE-2025-64669 ➡️ Más info: https://t.co/CBhZajIBbk https://t.co/1TqIf8FbUm

    @CERTpy

    30 Dec 2025

    117 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #exploit 1⃣. CVE-2025-64669: LPE in Windows Admin Center - https://t.co/ysBvbo3McH // A privilege escalation flaw in Windows Admin Center 2.4x allows attackers to execute malicious code with SYSTEM privileges via insecure directory permissions and DLL hijacking 2⃣. Exploit

    @ksg93rd

    18 Dec 2025

    483 Impressions

    0 Retweets

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  4. Schwachstelle in Windows Admin Center ermöglicht Systemzugriff - Die unter CVE-2025-64669 registrierte Sicherheitslücke betrifft zahlreiche Unternehmensinstallationen und wurde im Dezember 2025 durch einen offiziellen Patch geschlossen. https://t.co/7dD3Lo7Tou #windows

    @KolaricDav5471

    18 Dec 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 BREAKING: Your Windows Admin Center just got exposed CVE-2025-64669 is the privilege escalation nightmare you didn't see coming CVSS: 7.8 Impact: SYSTEM-level access Fix: Patch NOW This one's wild. A thread 🧵👇 https://t.co/4fZmzStpbk #CyberSecurity #InfoSec https:/

    @nxtgen579255

    18 Dec 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🛡️Windows Yönetim Merkezi, kritik Güvenlik Açığı; Windows Yönetim Merkezi'ndeki (WAC) CVE-2025-64669 açığı, saldırganların yetki yükseltmesine olanak tanıyor. 2.4.2.1 ve 2411 sürümleri risk altında. Sorun, ProgramData dizinindeki güvensiz izinlerden kayna

    @0mercansiskolu

    17 Dec 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Uncovering CVE-2025-64669 in Windows Admin Center https://t.co/jLI27Zk5NP

    @akaclandestine

    17 Dec 2025

    986 Impressions

    4 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  8. Windows Admin Center Flaw (CVE-2025-64669): How a Simple Folder Permission Opened the Door to SYSTEM Access https://t.co/VG3ZTiWcCh

    @Karma_X_Inc

    17 Dec 2025

    1443 Impressions

    3 Retweets

    16 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  9. Uncovering CVE-2025-64669 in Windows Admin Center - https://t.co/m7eFj8djh8

    @piedpiper1616

    17 Dec 2025

    3647 Impressions

    8 Retweets

    27 Likes

    14 Bookmarks

    0 Replies

    0 Quotes

  10. 🛡️ Windows Admin Center Vulnerability (CVE-2025-64669) Let Attackers Escalate Privileges Source: https://t.co/Or3UhwZLkq A new local privilege escalation vulnerability in Microsoft’s Windows Admin Center (WAC), affecting versions up to 2.4.2.1 and environments running W

    @The_Cyber_News

    16 Dec 2025

    8740 Impressions

    76 Retweets

    187 Likes

    62 Bookmarks

    4 Replies

    5 Quotes

  11. MicrosoftのWindows Admin Centerに権限昇格の欠陥が見つかり、一般ユーザーからSYSTEM権限を奪取できる恐れが判明した(CVE-2025-64669)。管理基盤として広く使われる製品だけに、サーバー運用環境全体へ深刻な影響が及

    @yousukezan

    16 Dec 2025

    2440 Impressions

    6 Retweets

    36 Likes

    11 Bookmarks

    0 Replies

    1 Quote

  12. Windows Admin Center flaw CVE-2025-64669 allows local privilege escalation in versions up to 2.4.2.1, due to writable C:\ProgramData\WindowsAdminCenter directory used by high-privilege services. https://t.co/5C0pWeVCWB

    @threatcluster

    16 Dec 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center https://t.co/tkyB5wdge7

    @_r_netsec

    15 Dec 2025

    2145 Impressions

    12 Retweets

    19 Likes

    14 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.CVE-2026-23660
  2. Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.CVE-2026-26119
  3. Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.CVE-2026-20965
  4. External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.CVE-2025-29819

References

Sources include official advisories and independent security research.