Vulnerability in Microsoft Driver Block List Affecting Windows Systems
CVE-2025-59033

9.8CRITICAL

Key Information:

Vendor: Microsoft
Status: Windows
Vendor: CVE Published:; 8 September 2025

What is CVE-2025-59033?

A vulnerability exists in Microsoft’s driver block list which is part of the Windows Defender Application Control (WDAC) policy. If hypervisor-protected code integrity (HVCI) is not enabled on a system, specific block list entries utilize only the to-be-signed (TBS) portion of the code signer certificate effectively but fail to block others when a 'FileAttribRef' qualifier is present. This issue impacts all Windows systems that do not support or enable HVCI, potentially allowing untrusted drivers to be loaded. Microsoft advises using Application Control for systems without HVCI and highlights the need for a detailed approach to custom blocklist entries for effective enforcement.

References

https://learn.microsoft.com/en-us/windows/security/applic...

https://learn.microsoft.com/en-us/windows/security/hardwa...

https://x.com/JonnyJohnson_/status/1895103112924307727

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2025
Vulnerability Reserved
Sep 8, 2025