CVE-2025-59204
published 2025-10-14CVE-2025-59204: Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_10_21h2 | < 10.0.19044.6456 | 10.0.19044.6456 |
| microsoft | windows_10_22h2 | < 10.0.19045.6456 | 10.0.19045.6456 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6456 | 10.0.19044.6456 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.6456 | 10.0.19045.6456 |
| microsoft | windows_11_22h2 | < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_23h2 | <= 10.0.22631.6060 | — |
| microsoft | windows_11_24h2 | < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_25h2 | < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.6060 | 10.0.22621.6060 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.6060 | 10.0.22631.6060 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.6899 | 10.0.26200.6899 |
| microsoft | windows_server_2019 | < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.7919 | 10.0.17763.7919 |
| microsoft | windows_server_2022 | < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4294 | 10.0.20348.4294 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1913 | 10.0.25398.1913 |
| microsoft | windows_server_2025 | <= 10.0.26100.6899 | — |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6899 | 10.0.26100.6899 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
Microsoft
Windows Management Services Information Disclosure Vulnerability
vendor_msrc·2025-10-14·CVSS 5.5
CVE-2025-59204 [MEDIUM] CWE-908 Windows Management Services Information Disclosure Vulnerability
Windows Management Services Information Disclosure Vulnerability
Description: Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.
Windows Management Services: Windows Management Services
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5066835
Reference: https://support.microsoft.com/help/5066835
Reference: https
GHSA
GHSA-f8ph-gwf6-g535: Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally
ghsa_unreviewed·2025-10-14
CVE-2025-59204 [MEDIUM] CWE-908 GHSA-f8ph-gwf6-g535: Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
No detection rules found.
No public exploits indexed.
2025-10-14
Published