CVE-2025-59257
Windows Local Session Manager (LSM) Denial of Service Vulnerability
In short
Windows Local Session Manager has a flaw where it doesn't properly validate certain input, allowing an authorized attacker on the network to crash or disable the service, causing a denial of service.
Technical detail
Improper input validation in Windows LSM (CWE-1287) permits an authenticated network attacker to send specially crafted input that triggers a denial of service condition. Exploitation requires valid network credentials; the impact is service unavailability.
Summary generated and translated by AI from the official description.
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 11 Version 24H2
Microsoft · Windows 11 Version 25H2
Microsoft · Windows Server 2022, 23H2 Edition (Server Core installation)
Microsoft · Windows Server 2025
Microsoft · Windows Server 2025 (Server Core installation)