Back to board Open MSRC
MSRC compact vulnerability detail

CVE-2025-59184 · Storage Spaces Direct Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.

Severity
Important
Impact
Information Disclosure
CVSS
5.5 base · 4.8 temporal
Release
2025-10-14
Signals
Windows High Availability Services Information Disclosure Exploited: No Publicly disclosed: No Exploitability: Exploitation Less Likely
CWE
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Old version New version
Description
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.
FAQ / Articles
Windows High Availability Services Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.
Windows High Availability Services Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.
FAQ
What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.