CVE-2025-25004 | THREATINT

Home

Description

Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.

PUBLISHED Reserved 2025-01-30 | Published 2025-10-14 | Updated 2025-11-22 | Assigner microsoft

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-284: Improper Access Control

Product status

10.0.17763.0 (custom) before 10.0.17763.7919

affected

10.0.17763.0 (custom) before 10.0.17763.7919

affected

10.0.17763.0 (custom) before 10.0.17763.7919

affected

10.0.20348.0 (custom) before 10.0.20348.4294

affected

10.0.19044.0 (custom) before 10.0.19044.6456

affected

10.0.22621.0 (custom) before 10.0.22621.6060

affected

10.0.19045.0 (custom) before 10.0.19045.6456

affected

10.0.26100.0 (custom) before 10.0.26100.6899

affected

10.0.26200.0 (custom) before 10.0.26200.6899

affected

10.0.22631.0 (custom) before 10.0.22631.6060

affected

10.0.22631.0 (custom) before 10.0.22631.6060

affected

10.0.25398.0 (custom) before 10.0.25398.1913

affected

10.0.26100.0 (custom) before 10.0.26100.6899

affected

10.0.26100.0 (custom) before 10.0.26100.6899

affected

10.0.10240.0 (custom) before 10.0.10240.21161

affected

10.0.14393.0 (custom) before 10.0.14393.8519

affected

10.0.14393.0 (custom) before 10.0.14393.8519

affected

10.0.14393.0 (custom) before 10.0.14393.8519

affected

6.0.6003.0 (custom) before 6.0.6003.23571

affected

6.0.6003.0 (custom) before 6.0.6003.23571

affected

6.1.7601.0 (custom) before 6.1.7601.27974

affected

6.1.7601.0 (custom) before 6.1.7601.27974

affected

6.2.9200.0 (custom) before 6.2.9200.25722

affected

6.2.9200.0 (custom) before 6.2.9200.25722

affected

6.3.9600.0 (custom) before 6.3.9600.22824

affected

6.3.9600.0 (custom) before 6.3.9600.22824

affected

7.4.0 (custom) before 7.4.13

affected

7.5.0 (custom) before 7.5.4

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25004 (PowerShell Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2025-25004)

nvd.nist.gov (CVE-2025-25004)

Download JSON