CVE-2025-59294

Description

Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.

CVSS Details

CVSS Score

2.1

Severity

LOW

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* - VULNERABLE

Microsoft Windows（受影响的版本需参考 Microsoft 官方安全公告）

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-59294 - Windows Taskbar Live Information Disclosure PoC
# Note: This vulnerability requires physical access to the target device
# and user interaction to trigger the information disclosure.

import subprocess
import sys

def trigger_taskbar_preview_leak():
    """
    Conceptual PoC for CVE-2025-59294.
    Demonstrates how sensitive information cached in Windows Taskbar Live
    previews could be accessed via physical interaction.
    """
    print("[*] CVE-2025-59294 PoC - Windows Taskbar Live Info Disclosure")
    print("[*] Requires: Physical access + User interaction")

    # Step 1: Identify running applications with cached preview data
    try:
        # Enumerate windows with taskbar live preview capability
        result = subprocess.run(
            ['powershell', '-Command',
             'Get-Process | Where-Object {$_.MainWindowTitle -ne ""} | '
             'Select-Object -First 10 ProcessName, MainWindowTitle'],
            capture_output=True, text=True, timeout=10
        )
        print("[+] Applications with active taskbar previews:")
        print(result.stdout)
    except Exception as e:
        print(f"[-] Error enumerating processes: {e}")

    # Step 2: Attempt to read cached thumbnail/preview data
    # The actual exploit leverages Windows Taskbar Live API to extract
    # cached preview thumbnails which may contain sensitive information
    print("\n[*] Attempting to extract cached taskbar preview data...")
    print("[*] This would involve accessing the thumbnail cache via")
    print("[*] the ITaskbarList3::ThumbnailTooltip or similar COM interfaces")

    # Step 3: Physical attack scenario
    print("\n[!] Physical Attack Scenario:")
    print("    1. Attacker gains physical proximity to target device")
    print("    2. Hover over taskbar icons to trigger live previews")
    print("    3. Extract sensitive information from preview thumbnails")
    print("    4. No authentication or elevated privileges required")

if __name__ == "__main__":
    trigger_taskbar_preview_leak()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-59294
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-59294
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-59294/
[4] VulDB https://vuldb.com/cve/CVE-2025-59294
[5] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59294

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-59294", "sourceIdentifier": "[email protected]", "published": "2025-10-14T17:16:12.677", "lastModified": "2025-10-22T16:44:40.060", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.7, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.10240.21161", "matchCriteriaId": "9D5EB1D1-8C53-4188-90B9-8ED2FD2837BD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.14393.8519", "matchCriteriaId": "A6CE9E60-F2F1-43F2-A535-5326E903D219"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.7919", "matchCriteriaId": "B51B700D-B45F-4A8E-9F78-67A1282B3BEA"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.19044.6456", "matchCriteriaId": "1485A427-10FF-4C39-9911-4C6F1820BE7F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.19045.6456", "matchCriteriaId": "26CAACAA-3FE8-4740-8CF2-6BF3D069C47F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.22621.6060", "matchCriteriaId": "6F387FA2-66C8-4B70-A537-65806271F16A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.22631.6060", "matchCriteriaId": "A3FEBF91-5010-4C84-B93A-6EFA4838185A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26100.6899", "matchCriteriaId": "41E9F7AC-8E6D-43A0-A157-48A5E0B5BD0D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26200.6899", "matchCriteriaId": "3B77A066-4F79-4B1F-AECF-58DB4C651EA5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.14393.8519", "matchCriteriaId": "7A8CC16F-8B44-4E7D-8503-25D753387345"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.17763.7919", "matchCriteriaId": "20810926-AEC9-4C09-9C52-B4B8FADECF3A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.20348.4294", "matchCriteriaId": "B1C1EA69-6BB8-4E59-8659-43581FDB48B7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.25398.1913", "matchCriteriaId": "370C12D6-90EF-44BE-8070-AA0080C12600"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.0.26100.6899", "matchCriteriaId": "72C1771B-635B-41E3-84AF-8822467A1869"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59294", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}