SB2025101466 - Multiple vulnerabilities in Microsoft Windows Kernel

Security Bulletin ID SB2025101466

Severity

Low

Patch available

YES

Number of vulnerabilities 10

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2025-59186)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Kernel. A local user can gain unauthorized access to sensitive information on the system.

2) Use of uninitialized resource (CVE-ID: CVE-2025-59194)

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in Windows Kernel. A local user can pass specially crafted data to the application, trigger uninitialized usage of resources and gain elevated privileges on the system.

3) Input validation error (CVE-ID: CVE-2025-59187)

The vulnerability allows a local user to escalate privielegs on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Kernel. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.

4) Information disclosure (CVE-ID: CVE-2025-55699)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Kernel. A local user can gain unauthorized access to sensitive information on the system.

5) Use-after-free (CVE-ID: CVE-2025-55693)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Windows Kernel. A local user can win a race condition and gain elevated privileges on the system.

6) Information disclosure (CVE-ID: CVE-2025-55683)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Kernel. A local user can gain unauthorized access to sensitive information on the system.

7) Input validation error (CVE-ID: CVE-2025-55679)

The vulnerability allows a local attacker to gain access to sensitive information on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Kernel. A local attacker can pass specially crafted input to the application and disclose certain memory address within kernel space.

8) Cleartext storage of sensitive information (CVE-ID: CVE-2025-55334)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to cleartext storage of sensitive information in Windows Kernel. A local attacker can decrypt the driver's settings.

9) Out-of-bounds read (CVE-ID: CVE-2025-50152)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Windows Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system, leading to privilege escalation.

10) Untrusted Pointer Dereference (CVE-ID: CVE-2025-59207)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to untrusted pointer dereference in Windows Kernel. A local user can gain elevated privileges on the target system.

Remediation

Install update from vendor's website.

SB2025101466 - Multiple vulnerabilities in Microsoft Windows Kernel

Breakdown by Severity

Description

Remediation

References