Elevation of Privilege Vulnerability in Microsoft Brokering File System
CVE-2025-59189

7.4HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 25h2; Windows Server 2025 (server Core Installation); Windows 11 Version 24h2; Windows Server 2025
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-59189?

A vulnerability in the Microsoft Brokering File System has been identified, which allows unauthorized attackers to leverage a use-after-free condition to elevate privileges on the affected system. This flaw could enable malicious actors to execute commands at a higher privilege level, potentially compromising sensitive data and system integrity. Users of the Microsoft Brokering File System should be aware of this vulnerability and take necessary security measures to mitigate risks.

Affected Version(s)

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.6899

Windows 11 Version 25H2 Unknown 10.0.26200.0 < 10.0.26200.6899

Windows Server 2025 (Server Core installation) x64-based Systems 10.0.26100.0 < 10.0.26100.6899

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Sep 10, 2025

JSON