CVE-2025-59033

EPSS 0.06%
Veröffentlicht 08.09.2025 00:00:00
Zuletzt bearbeitet 17.11.2025 16:15:48
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. Entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a 'FileAttribRef' qualifier (such as file name or version) may not be blocked, whether hypervisor-protected code integrity (HVCI) is enabled or not. NOTE: The vendor disputes this CVE ID assignment and states that the driver blocklist is intended for use with HVCI.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerMicrosoft

≫

Produkt Windows

Default Statusunknown

Version <= Server 2025

Version 10

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.191

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@mitre.org	7.4	1.4	5.9	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-420 Unprotected Alternate Channel

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules

https://learn.microsoft.com/en-us/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity

https://x.com/JonnyJohnson_/status/1895103112924307727

https://nvd.nist.gov/vuln/detail/CVE-2025-59033

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59033

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59033

EUVD