Elevation of Privilege Vulnerability in Windows Resilient File System by Microsoft
CVE-2025-59210

7.4HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 25h2; Windows Server 2025 (server Core Installation); Windows 11 Version 24h2; Windows Server 2025
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-59210?

A vulnerability exists in the Windows Resilient File System (ReFS) that allows an attacker to execute arbitrary code with elevated privileges. This occurs through the deduplication service, which could be exploited by an unauthenticated user via crafted requests. Successful exploitation could allow attackers to gain access to sensitive data and resources. Organizations are advised to apply available security updates to mitigate this vulnerability.

Affected Version(s)

Windows 11 Version 24H2 ARM64-based Systems 10.0.26100.0 < 10.0.26100.6899

Windows 11 Version 25H2 Unknown 10.0.26200.0 < 10.0.26200.6899

Windows Server 2025 (Server Core installation) x64-based Systems 10.0.26100.0 < 10.0.26100.6899

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Sep 11, 2025

JSON