CVE-2025-59516: Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10_1809	< 10.0.17763.8146	10.0.17763.8146
microsoft	windows_10_21h2	< 10.0.19044.6691	10.0.19044.6691
microsoft	windows_10_22h2	< 10.0.19045.6691	10.0.19045.6691
microsoft	windows_10_version_1809	>= 10.0.17763.0 < 10.0.17763.8146	10.0.17763.8146
microsoft	windows_10_version_21h2	>= 10.0.19044.0 < 10.0.19044.6691	10.0.19044.6691
microsoft	windows_10_version_22h2	>= 10.0.19045.0 < 10.0.19045.6691	10.0.19045.6691
microsoft	windows_11_23h2	< 10.0.22631.6345	10.0.22631.6345
microsoft	windows_11_24h2	< 10.0.26100.7392	10.0.26100.7392
microsoft	windows_11_25h2	< 10.0.26200.7392	10.0.26200.7392
microsoft	windows_11_version_22h3	>= 10.0.22631.0 < 10.0.22631.6345	10.0.22631.6345
microsoft	windows_11_version_23h2	>= 10.0.22631.0 < 10.0.22631.6345	10.0.22631.6345
microsoft	windows_11_version_24h2	>= 10.0.26100.0 < 10.0.26100.7462	10.0.26100.7462
microsoft	windows_11_version_25h2	>= 10.0.26200.0 < 10.0.26200.7462	10.0.26200.7462
microsoft	windows_server_2019	< 10.0.17763.8146	10.0.17763.8146
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.8146	10.0.17763.8146
microsoft	windows_server_2022	< 10.0.20348.4467	10.0.20348.4467
microsoft	windows_server_2022	>= 10.0.20348.0 < 10.0.20348.4529	10.0.20348.4529
microsoft	windows_server_2022_23h2	< 10.0.25398.2025	10.0.25398.2025
microsoft	windows_server_2025	< 10.0.26100.7392	10.0.26100.7392
microsoft	windows_server_2025	>= 10.0.26100.0 < 10.0.26100.7462	10.0.26100.7462
msrc	windows_10_version_1809	—	—
msrc	windows_10_version_21h2	—	—
msrc	windows_10_version_22h2	—	—
msrc	windows_11_version_23h2	—	—
msrc	windows_11_version_24h2	—	—