Windows Authentication Methods Elevation of Privilege Vulnerability
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
MSRC compact vulnerability detail
CVE-2025-59278 · Windows Authentication Elevation of Privilege Vulnerability
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Signals
Windows Authentication Methods
Elevation of Privilege
Exploited: No
Publicly disclosed: No
Exploitability: Exploitation Less Likely
CWE
Patch Diff
Loading module diff metadata...
Resolved binary override
Use this when the MSRC module name cannot be mapped automatically or the resolved binary looks wrong.
Description
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
FAQ / Articles
FAQ
How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could gain administrator privileges.