local privilege escalation

Microsoft has published an update addressing CVE-2025-59278, a Windows authentication elevation-of-privilege flaw that allows a locally authorized attacker to gain higher system privileges through improper input validation in Windows authentication methods—security teams should treat this as a...

Microsoft has recorded CVE-2025-59241 as an elevation‑of‑privilege bug in the newly introduced Windows Health and Optimized Experiences service (whesvc), and the initial vendor and aggregator records assign it a High severity (CVSS 3.1 = 7.8) with the underlying weakness classed as CWE‑59...

Microsoft’s October security roll-up closed a dangerous local privilege‑escalation hole in the Remote Access Connection Manager (RasMan) — tracked as CVE‑2025‑59230 — after Microsoft and its threat teams observed in‑the‑wild exploitation; the flaw is an improper access control condition that...

Microsoft confirmed a Windows kernel elevation‑of‑privilege vulnerability tracked as CVE‑2025‑59194, describing it as a use of uninitialized resource in kernel code that an authorized local attacker can exploit to gain elevated privileges; Microsoft published the advisory and security update...

Microsoft has published an advisory for CVE-2025-59189, a high‑severity local elevation‑of‑privilege (EoP) bug in the Microsoft Brokering File System (BFS) that Microsoft and multiple independent trackers classify as a use‑after‑free memory corruption enabling a local attacker to escalate to...

Microsoft has assigned CVE-2025-58736 to a class of vulnerabilities in Inbox COM Objects (Global Memory) that were patched in the October 2025 security updates; the issue is part of a broader family of COM/COM+ defects (race conditions, use‑after‑free and related memory‑safety faults) that can...

Microsoft has assigned CVE-2025-58714 to an elevation-of-privilege flaw in the Windows Ancillary Function Driver for WinSock that allows an authorized local user to gain higher privileges, and Microsoft issued fixes on October 14, 2025 — administrators should treat this as a high-priority patch...

Microsoft has recorded CVE-2025-58725 as an elevation-of-privilege vulnerability in the Windows COM+ Event System (Inbox COM) / COM-based handler family that can allow a locally authorized attacker to escalate privileges on affected Windows hosts; administrators should treat this as a...

A high‑impact elevation‑of‑privilege flaw has been disclosed in the Azure Connected Machine (Azure Arc) agent that can let an authenticated local user — or an attacker with low‑privileged local execution — escalate to SYSTEM/root on Arc‑enabled servers, and potentially abuse machine identities...

CVE-2025-55697 is a newly catalogued heap‑based buffer overflow in an Azure local component that allows an authorized local user to elevate privileges on an affected host; Microsoft assigned a high severity rating (CVSS 3.1 base score 7.8) and published vendor guidance that administrators should...

Microsoft’s advisory for CVE-2025-50152 documents an out‑of‑bounds read in the Windows kernel that may allow an authorized local attacker to elevate privileges to SYSTEM; independent vulnerability trackers list the flaw with a CVSS v3.1 base score of 7.8 (High) and, until vendor KB mappings are...

Microsoft’s security tracking and community analysis show a continuing pattern: the Windows printing stack — specifically the PrintWorkflowUserSvc — has been the focus of high‑severity local elevation‑of‑privilege (EoP) disclosures, described repeatedly as memory‑corruption use‑after‑free (UAF)...

Microsoft has recorded CVE-2025-55688 as a use-after-free vulnerability in the Windows PrintWorkflowUserSvc that can allow a low‑privileged, authenticated local user to escalate to SYSTEM — Microsoft has published advisories and security updates addressing the issue, and multiple independent...

Microsoft has published a security advisory for CVE-2025-55678, a DirectX Graphics Kernel elevation-of-privilege vulnerability that allows an authenticated local attacker to escalate to SYSTEM by exploiting a use‑after‑free in the Windows DirectX Graphics Kernel (dxgkrnl), and administrators...

Microsoft's advisory for CVE-2025-55678 describes a use‑after‑free defect in the Windows DirectX Graphics Kernel that allows an authenticated local user to escalate privileges on affected systems, and the operational risk is high for multi‑user hosts, VDI/RDP infrastructure, and any service that...

Microsoft’s security tracking shows CVE-2025-55331 as a use‑after‑free (UAF) elevation‑of‑privilege flaw in the Windows PrintWorkflowUserSvc that can let an authorized local user escalate to SYSTEM under the right conditions — Microsoft assigned the issue a High CVSS v3.1 base score (7.0) and...

Microsoft’s vulnerability trackers and security aggregators published a new PowerShell elevation‑of‑privilege advisory identified as CVE‑2025‑25004 on October 14, 2025: the flaw is described as an improper access control (CWE‑284) in Microsoft PowerShell that can allow an authorized local...

Microsoft has assigned CVE-2025-55677 to a newly disclosed elevation-of-privilege vulnerability in the Windows Device Association Broker Service: the vendor describes the root cause as an untrusted pointer dereference that lets an authorized local user escalate privileges, and Microsoft has...

A newly cataloged vulnerability, CVE-2025-59290, affects the Windows Bluetooth Service and is described by vendors and trackers as a use‑after‑free (UAF) memory‑corruption flaw that allows an authorized local attacker to elevate privileges on an affected host. A patch was published on October...

Microsoft's advisory and community trackers point to an elevation‑of‑privilege flaw in the Xbox Gaming Services component that lets a local, low‑privilege user coerce higher‑privilege file operations via unsafe link resolution — a classic CWE‑59 (improper link resolution) pattern — and although...