CVE-2025-54107
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-10-02
Assigner: Microsoft Corporation
Description
Description
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_10_1507 | to 10.0.10240.21128 (exc) |
| microsoft | windows_10_1507 | to 10.0.10240.21128 (exc) |
| microsoft | windows_10_1607 | to 10.0.14393.8422 (exc) |
| microsoft | windows_10_1607 | to 10.0.14393.8422 (exc) |
| microsoft | windows_10_1809 | to 10.0.17763.7792 (exc) |
| microsoft | windows_10_1809 | to 10.0.17763.7792 (exc) |
| microsoft | windows_10_21h2 | to 10.0.19044.6332 (exc) |
| microsoft | windows_10_22h2 | to 10.0.19045.6332 (exc) |
| microsoft | windows_11_22h2 | to 10.0.22621.5909 (exc) |
| microsoft | windows_11_23h2 | to 10.0.22631.5909 (exc) |
| microsoft | windows_11_24h2 | to 10.0.26100.6508 (exc) |
| microsoft | windows_server_2008 | * |
| microsoft | windows_server_2008 | * |
| microsoft | windows_server_2008 | r2 |
| microsoft | windows_server_2012 | * |
| microsoft | windows_server_2012 | r2 |
| microsoft | windows_server_2016 | to 10.0.14393.8422 (exc) |
| microsoft | windows_server_2019 | to 10.0.17763.7792 (exc) |
| microsoft | windows_server_2022 | to 10.0.20348.4106 (exc) |
| microsoft | windows_server_2022_23h2 | to 10.0.25398.1849 (exc) |
| microsoft | windows_server_2025 | to 10.0.26100.6508 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-41 | The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper resolution of path equivalence in the Windows MapUrlToZone function, which allows an unauthorized attacker to bypass a security feature over a network.
How can this vulnerability impact me? :
An attacker could exploit this vulnerability to bypass security features remotely, potentially leading to unauthorized access or actions that are normally restricted.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70