You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-53789-mismatch
About this tag
The tag cve-2025-53789-mismatch covers a specific issue where public reporting confuses CVE-2025-53789 with CVE-2025-49723, a privilege escalation vulnerability in the Windows StateRepository API. The vulnerability involves a missing authorization check that allows a locally authenticated attacker to tamper with files and escalate privileges. Microsoft's Security Update Guide entry for the StateRepository API is referenced, but the CVE number mismatch is highlighted as a critical detail for administrators to note before applying patches. The tag content focuses on clarifying this mismatch and providing guidance for proper patch identification.
Microsoft’s Security Update Guide entry for the StateRepository API points to a missing authorization check that can be abused by a locally authorized attacker to tamper with files and escalate privileges — but there’s an important CVE-number mismatch in public reporting that every admin must...