Denial of Service Vulnerability in Microsoft Windows Search Component
CVE-2025-59198

5MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 25h2; Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation)
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-59198?

An improper input validation vulnerability has been identified in the Microsoft Windows Search Component, which could allow an authorized attacker to trigger a denial of service condition locally. This flaw can be exploited by sending specially crafted input to the Windows Search Component, subsequently leading to service interruptions. It is crucial for users and administrators to be aware of this vulnerability to ensure appropriate measures are taken to mitigate potential impacts.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21161

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8519

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7919

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Sep 10, 2025

JSON