CVE-2025-59211 is a vulnerability identified in the Windows Push Notification Core component of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). It is classified under CWE-200, which pertains to the exposure of sensitive information to unauthorized actors. The flaw allows an attacker who already has local access and low privileges (PR:L) to disclose sensitive information without requiring any user interaction (UI:N). The attack vector is local (AV:L), meaning the attacker must have physical or logical access to the affected machine. The vulnerability does not affect system integrity or availability, focusing solely on confidentiality (C:H, I:N, A:N). The CVSS v3.1 base score is 5.5, indicating a medium severity level. The vulnerability is currently published with no known exploits in the wild and no official patches released yet. The exposure arises from improper handling within the Windows Push Notification Core, potentially leaking sensitive data that could be leveraged for further attacks or reconnaissance. Since Windows 10 Version 1507 is an early release of Windows 10, it is considered legacy and less commonly used in modern environments, but still present in some legacy or specialized systems. The vulnerability emphasizes the risk of running outdated operating system versions and the importance of local access controls.

The primary impact of CVE-2025-59211 is the unauthorized disclosure of sensitive information on affected Windows 10 Version 1507 systems. This can lead to confidentiality breaches, potentially exposing user data, system configuration details, or other sensitive information that could aid attackers in further exploitation or lateral movement. Since the vulnerability requires local access and low privileges, the risk is limited to insiders, compromised accounts, or attackers who have already gained some foothold on the system. There is no impact on system integrity or availability, so the vulnerability does not directly enable system compromise or denial of service. However, the information leakage could facilitate more sophisticated attacks or privilege escalation attempts. Organizations relying on legacy Windows 10 systems, especially in sensitive environments, face increased risk if local access controls are weak or if attackers can gain physical or remote local access. The lack of patches increases exposure duration, and the absence of known exploits suggests limited current exploitation but does not preclude future attacks.

1. Upgrade affected systems from Windows 10 Version 1507 to a supported, fully patched version of Windows 10 or later to eliminate the vulnerability. 2. Restrict local access to systems running legacy Windows versions by enforcing strict physical security and limiting user accounts with local login privileges. 3. Implement robust endpoint detection and response (EDR) solutions to monitor for suspicious local activity that could indicate attempts to exploit this vulnerability. 4. Apply the principle of least privilege to user accounts, ensuring that users have only the minimum necessary permissions to reduce the risk of exploitation. 5. Use application whitelisting and control execution policies to prevent unauthorized code execution that could leverage leaked information. 6. Regularly audit and review local user accounts and access logs to detect unauthorized access attempts. 7. Stay informed on Microsoft security advisories for any forthcoming patches or mitigations related to this vulnerability. 8. Consider network segmentation to isolate legacy systems and limit the potential impact of local compromise.