CVE-2025-59209 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting Microsoft Windows 11 Version 25H2, specifically version 10.0.26200.0. The flaw resides in the Windows Push Notification Core component, which handles the delivery and processing of push notifications on the system. An attacker with authorized local access and low privileges can exploit this vulnerability to disclose sensitive information stored or processed by this component. The vulnerability does not require user interaction, making it easier to exploit once local access is obtained. The CVSS v3.1 base score is 5.5, indicating medium severity, with attack vector local (AV:L), attack complexity low (AC:L), privileges required low (PR:L), no user interaction (UI:N), and scope unchanged (S:U). The impact is high on confidentiality (C:H) but none on integrity (I:N) or availability (A:N). The vulnerability was reserved on September 10, 2025, and published on October 14, 2025. No patches or known exploits are currently available, but the vulnerability is officially recognized and published. The exposure of sensitive information could lead to leakage of credentials, personal data, or system information that could facilitate further attacks or privacy violations. Since the attack requires local access, it is primarily a threat in environments where multiple users share systems or where attackers have gained limited access through other means.

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality. Sensitive information exposure could include user credentials, system configuration, or notification content, potentially enabling further lateral movement or privilege escalation. Organizations with shared workstations, remote desktop environments, or multi-user systems are particularly vulnerable. The lack of impact on integrity and availability reduces the risk of direct system disruption but does not eliminate the risk of data breaches. Sectors such as finance, healthcare, and government, which handle sensitive personal and operational data, could face compliance and reputational damage if exploited. The medium severity and local access requirement limit the threat to insiders or attackers who have already compromised a system segment. However, the absence of patches increases the window of exposure. European entities must be vigilant, especially those with high Windows 11 25H2 deployment and critical infrastructure, as attackers could leverage this vulnerability as part of multi-stage attacks.

1. Restrict local access to Windows 11 25H2 systems by enforcing strict user account controls and limiting administrative privileges. 2. Implement robust endpoint detection and response (EDR) solutions to monitor for unusual local activity related to the Windows Push Notification Core. 3. Enforce network segmentation and access controls to reduce the risk of attackers gaining initial local access. 4. Educate users and administrators about the risks of local privilege abuse and the importance of securing local accounts. 5. Regularly audit and review user permissions and system logs for signs of unauthorized access attempts. 6. Apply security updates and patches from Microsoft as soon as they become available for this vulnerability. 7. Consider deploying application whitelisting and restricting execution of unauthorized code on affected systems. 8. Use multi-factor authentication (MFA) to reduce the risk of credential compromise that could lead to local access. 9. For critical systems, consider isolating or limiting use of Windows Push Notification Core features if feasible until patched. 10. Maintain an incident response plan that includes procedures for handling local privilege and information disclosure incidents.