CVE-2025-59257Improper Validation of Specified Type of Input in Microsoft Windows 11 Version 24h2

CWE-1287Improper Validation of Specified Type of Input5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Windows 11 Version 24h2Microsoft Windows 11 Version 25h2Microsoft Windows Server 2025+3 more
Timeline
PublishedOct 14

Description

Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

NVDmicrosoft/windows< 10.0.25398.1913+1
NVDmicrosoft/windows_11_24h2< 10.0.26100.6899
NVDmicrosoft/windows_11_25h2< 10.0.26200.6899
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.6899
CVEListV5microsoft/windows_11_version_24h210.0.26100.010.0.26100.6899

🔴Vulnerability Details

2
GHSA
GHSA-37x9-hxcw-w9fv: Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network2025-10-14
CVEList
Windows Local Session Manager (LSM) Denial of Service Vulnerability2025-10-14

📋Vendor Advisories

1
Microsoft
Windows Local Session Manager (LSM) Denial of Service Vulnerability2025-10-14

🕵️Threat Intelligence

1
Bleepingcomputer
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws2025-10-14
CVE-2025-59257 — Microsoft vulnerability | cvebase