CVE-2025-25004

Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*

History

20 Oct 2025, 20:06

Type Values Removed Values Added
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25004 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25004 - Vendor Advisory
First Time Microsoft windows 11 25h2
Microsoft windows 10 1607
Microsoft windows 11 24h2
Microsoft windows 11 23h2
Microsoft windows Server 2016
Microsoft
Microsoft powershell
Microsoft windows 11 22h2
Microsoft windows Server 2025
Microsoft windows Server 2012
Microsoft windows Server 2022 23h2
Microsoft windows Server 2022
Microsoft windows 10 21h2
Microsoft windows 10 1809
Microsoft windows 10 1507
Microsoft windows 10 22h2
Microsoft windows Server 2008
Microsoft windows Server 2019
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

14 Oct 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-10-14 17:15

Updated : 2025-10-20 20:06


NVD link : CVE-2025-25004

Mitre link : CVE-2025-25004

CVE.ORG link : CVE-2025-25004


JSON object : View

Products Affected

microsoft

  • windows_10_22h2
  • windows_10_1607
  • windows_server_2016
  • windows_11_25h2
  • windows_server_2022
  • windows_11_23h2
  • windows_server_2025
  • windows_server_2012
  • windows_10_21h2
  • windows_11_24h2
  • windows_11_22h2
  • windows_10_1507
  • powershell
  • windows_10_1809
  • windows_server_2008
  • windows_server_2019
  • windows_server_2022_23h2
CWE
CWE-284

Improper Access Control

NVD-CWE-noinfo