CVE-2025-55679
published 2025-10-14CVE-2025-55679: Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
medium4.7CVSS 3.1
AVLACHPRLUINSUCHINAN
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_10_21h2 | < 10.0.19044.6456 | 10.0.19044.6456 |
| microsoft | windows_10_22h2 | < 10.0.19045.6456 | 10.0.19045.6456 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6456 | 10.0.19044.6456 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6456 | 10.0.19045.6456 |
| microsoft | windows_11_22h2 | < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_23h2 | < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_24h2 | < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_25h2 | < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_server_2019 | < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2022 | < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1913 | 10.0.25398.1913 |
| microsoft | windows_server_2025 | < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
Microsoft
Windows Kernel Information Disclosure Vulnerability
vendor_msrc·2025-10-14·CVSS 5.1
CVE-2025-55679 [MEDIUM] CWE-20 Windows Kernel Information Disclosure Vulnerability
Windows Kernel Information Disclosure Vulnerability
Description: Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
FAQ: What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.
Windows Kernel: Windows Kernel
Microsoft: Microsoft
Customer Action Requ
GHSA
GHSA-grhv-v7mf-c7c2: Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally
ghsa_unreviewed·2025-10-14
CVE-2025-55679 [MEDIUM] CWE-20 GHSA-grhv-v7mf-c7c2: Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.
No detection rules found.
No public exploits indexed.
2025-10-14
Published