CVE-2025-59185

CWE-734 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 76.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
30
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+27 more
Timeline
PublishedOct 14

Description

External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages29 packages

CVEListV5microsoft/windows_server_2016_(server_core_installation)10.0.14393.010.0.14393.8519
CVEListV5microsoft/windows_server_2019_(server_core_installation)10.0.17763.010.0.17763.7919
CVEListV5microsoft/windows_server_2025_(server_core_installation)10.0.26100.010.0.26100.6899
CVEListV5microsoft/windows_server_2012_r2_(server_core_installation)6.3.9600.06.3.9600.22824
NVDmicrosoft/windows< 10.0.17763.7919+4

🔴Vulnerability Details

2
CVEList
NTLM Hash Disclosure Spoofing Vulnerability2025-10-14
GHSA
GHSA-h5v9-h87r-rxhc: External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network2025-10-14

📋Vendor Advisories

1
Microsoft
NTLM Hash Disclosure Spoofing Vulnerability2025-10-14
CVE-2025-59185 (MEDIUM CVSS 6.5) | External control of file name or pa | cvebase.io