{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64669", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-11-06T23:40:37.276Z", "datePublished": "2025-12-11T18:06:13.821Z", "dateUpdated": "2026-04-16T14:19:08.517Z"}, "containers": {"cna": {"title": "Windows Admin Center Elevation of Privilege Vulnerability", "datePublic": "2025-12-09T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*", "versionStartIncluding": "1809.0", "versionEndExcluding": "2.6.5.16"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Admin Center", "versions": [{"version": "1809.0", "lessThan": "2.6.5.16", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-284: Improper Access Control", "lang": "en-US", "type": "CWE", "cweId": "CWE-284"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-16T14:19:08.517Z"}, "references": [{"name": "Windows Admin Center Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64669"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64669", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-12T04:55:52.442290Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T16:21:03.657Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64669", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-12T04:55:52.442290Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T18:26:45.747Z"}}], "cna": {"title": "Windows Admin Center Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Admin Center", "versions": [{"status": "affected", "version": "1809.0", "lessThan": "2.6.2.6", "versionType": "custom"}]}], "datePublic": "2025-12-09T08:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64669", "name": "Windows Admin Center Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.6.2.6", "versionStartIncluding": "1809.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-02-20T15:59:19.067Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64669", "state": "PUBLISHED", "dateUpdated": "2026-02-26T16:21:03.657Z", "dateReserved": "2025-11-06T23:40:37.276Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2025-12-11T18:06:13.821Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E6B16F7-D308-4FCC-B230-6AFFB020AFE4", "versionEndExcluding": "2511", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2025-64669", "lastModified": "2025-12-12T17:30:10.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2025-12-11T18:16:24.393", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64669"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "secure@microsoft.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T15:39:21.902825+00:00", "value": {"mitigation_remediation": ["Update Windows Admin Center to the latest version available from Microsoft.", "Review and enforce minimum privilege levels for local accounts used by Windows Admin Center, ensuring only required users have elevated permissions.", "Audit management server logs for abnormal privilege\u2011elevation activity and implement alerts for such events."], "summary": {"action": "Apply Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft Windows Admin Center is the only product directly impacted by this vulnerability. No specific version ranges were published in the CNA data, so any deployment of Windows Admin Center that has not applied the latest security updates may be vulnerable.", "description_and_impact": "The vulnerability is an improper access control flaw in Microsoft Windows Admin Center that permits an attacker who already has legitimate local access to increase privileges on the host. This issue is identified by CWE-284 and can allow the attacker to perform actions that require higher privileges, potentially compromising system security and data integrity. The vulnerability does not affect remote attackers directly unless they have first gained local credentials.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity, while the EPSS score of less than 1% suggests the exploitation probability is currently low. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires an attacker to be already authenticated to the local Windows system that hosts Windows Admin Center; from that position, the attacker can exploit the access control flaw to elevate privileges. No public exploits are documented, but the presence of a high CVSS score and existing access would make it a suitable target for insider threats or an attacker who has compromised a user account."}}}}, "created": "2026-04-20T15:45:10.380702+00:00", "updated": "2026-04-20T15:45:10.380713+00:00", "vendors": []}