CVE-2025-59289
published 2025-10-14CVE-2025-59289: Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_21h2 | < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_10_22h2 | < 10.0.19045.6332 | 10.0.19045.6332 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19044.6332 | 10.0.19044.6332 |
| microsoft | windows_11_22h2 | < 10.0.22621.5909 | 10.0.22621.5909 |
| microsoft | windows_11_23h2 | < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_24h2 | < 10.0.26100.6508 | 10.0.26100.6508 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5909 | 10.0.22631.5909 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| microsoft | windows_server_2022 | < 10.0.20348.4106 | 10.0.20348.4106 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.4171 | 10.0.20348.4171 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1849 | 10.0.25398.1849 |
| microsoft | windows_server_2025 | < 10.0.26100.6508 | 10.0.26100.6508 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.6584 | 10.0.26100.6584 |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
Microsoft
Windows Bluetooth Service Elevation of Privilege Vulnerability
vendor_msrc·2025-10-14·CVSS 7.0
CVE-2025-59289 [HIGH] CWE-415 Windows Bluetooth Service Elevation of Privilege Vulnerability
Windows Bluetooth Service Elevation of Privilege Vulnerability
Description: Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Bluetooth Service: Windows Bluetooth Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploita
GHSA
GHSA-j3c2-wqf5-8pp4: Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally
ghsa_unreviewed·2025-10-14
CVE-2025-59289 [HIGH] CWE-415 GHSA-j3c2-wqf5-8pp4: Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
No detection rules found.
No public exploits indexed.
2025-10-14
Published