cve-2025-53789-mismatch

About this tag
The tag cve-2025-53789-mismatch covers a specific issue where public reporting confuses CVE-2025-53789 with CVE-2025-49723, a privilege escalation vulnerability in the Windows StateRepository API. The vulnerability involves a missing authorization check that allows a locally authenticated attacker to tamper with files and escalate privileges. Microsoft's Security Update Guide entry for the StateRepository API is referenced, but the CVE number mismatch is highlighted as a critical detail for administrators to note before applying patches. The tag content focuses on clarifying this mismatch and providing guidance for proper patch identification.
  1. CVE-2025-49723: StateRepository API Local Tampering and Patch Guide

    Microsoft’s Security Update Guide entry for the StateRepository API points to a missing authorization check that can be abused by a locally authorized attacker to tamper with files and escalate privileges — but there’s an important CVE-number mismatch in public reporting that every admin must...