CVE-2025-55694
published 2025-10-14CVE-2025-55694: Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
PriorityP349high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
2.76%
84.3th percentile
Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_24h2 | < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_25h2 | < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_server_2025 | < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-ffwv-m2wp-x38c: Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2025-10-14
CVE-2025-55694 [HIGH] CWE-284 GHSA-ffwv-m2wp-x38c: Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally
Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
Microsoft
Windows Error Reporting Service Elevation of Privilege Vulnerability
vendor_msrc·2025-10-14·CVSS 7.8
CVE-2025-55694 [HIGH] CWE-284 Windows Error Reporting Service Elevation of Privilege Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
Description: Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
Windows Error Reporting: Windows Error Reporting
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835
Reference: https://support.microsoft.com/help/5066835
Reference: https://catalog.update.micr
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, October 2025 Security Update Review | Qualys
blogs_qualys·2025-10-14
Microsoft and Adobe Patch Tuesday, October 2025 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for October 2025
- Adobe Patches for October 2025
- Zero-day Vulnerabilities Patched in October Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in October Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response with TruRisk Eliminate
- Automating Risk Elimination and Accelerating Response: Meet Agent Sara
- EVALUATE Vendor-Suggested Mitigation withPolicy Audit
- Qualys Monthly Webinar Series
As cybersecurity threats evolve, Microsoft’s October 2025 Patch Tuesday delivers one of the most comprehensive security updates of the year. Here’s a quick breakdown of what you need t
Qualys
Microsoft and Adobe Patch Tuesday, October 2025 Security Update Review
blogs_qualys·2025-10-14
Microsoft and Adobe Patch Tuesday, October 2025 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for October 2025
Adobe Patches for October 2025
Zero-day Vulnerabilities Patched in October Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in October Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response with TruRisk Eliminate
Automating Risk Elimination and Accelerating Response: Meet Agent Sara
EVALUATE Vendor-Suggested Mitigation withPolicy Audit
Qualys Monthly Webinar Series
As cybersecurity threats evolve, Microsoft’s October 2025 Patch Tuesday delivers one of the most comprehensive security updates of the year. Here’s a quick breakdown of what you need to know.
## Mi
Bleepingcomputer
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
blogs_bleepingcomputer·2025-10-14·CVSS 7.8
[HIGH] Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
## Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
## Lawrence Abrams
80 Elevation of Privilege Vulnerabilities
11 Security Feature Bypass Vulnerabilities
31 Remote Code Execution Vulnerabilities
28 Information Disclosure Vulnerabilities
11 Denial of Service Vulnerabilities
10 Spoofing Vulnerabilities
When BleepingComputer reports on the Patch Tuesday security updates, we only count those released today by Microsoft. Therefore, the number of flaws does not include those fixed in Azure, Mariner, Microsoft Edge, and other vulnerabilities earlier this month.
Notably, Windows 10 reaches the end of support today , with this being the last Patch Tuesday where Microsoft provides free security updates to the venerable operating system.
To continue receiving security upd
2025-10-14
Published