CVE-2025-59257
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-20
Assigner: Microsoft Corporation
Description
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_11_24h2 | to 10.0.26100.6899 (exc) |
| microsoft | windows_11_25h2 | to 10.0.26200.6899 (exc) |
| microsoft | windows_server_2022_23h2 | to 10.0.25398.1913 (exc) |
| microsoft | windows_server_2025 | to 10.0.26100.6899 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by improper validation of a specified type of input in the Windows Local Session Manager (LSM). It allows an authorized attacker to cause a denial of service over a network.
How can this vulnerability impact me?
An authorized attacker can exploit this vulnerability to deny service over a network, potentially disrupting availability of affected systems or services.