CVE-2025-59259

6.5 MEDIUM

📋 TL;DR

This vulnerability in the Windows Local Session Manager (LSM) lets an authenticated attacker with network access to the target cause a denial of service by sending specially crafted requests. LSM is a core session-management service that runs by default on every supported Windows client and server, so any reachable host on an unpatched build is exposed; the impact is to availability only.

💻 Affected Systems

Products:
  • Windows Local Session Manager (LSM)
Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: LSM runs by default on every listed version; any host reachable over the network by an authenticated user is exposed until patched

📦 What is this software?

The Local Session Manager (service name LSM, display name "Local Session Manager") is a core Windows service that creates and manages interactive user sessions, both the local console session and remote desktop sessions, in cooperation with Remote Desktop Services (termsrv). Since Windows 8 and Windows Server 2012 it runs as lsm.dll inside a svchost.exe host process rather than as a standalone lsm.exe. It starts automatically on every supported Windows system and is not a service administrators can simply turn off, which is why a denial of service against it affects every user on the host.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or service unavailability affecting multiple users and disrupting business operations

🟠 Likely Case: Temporary service disruption affecting specific sessions or services managed by LSM

🟢 If Mitigated: Minimal impact with proper network segmentation and authentication controls

🌐 Internet-Facing: MEDIUM - Requires network access but attacker must be authenticated
🏢 Internal Only: HIGH - Internal attackers with valid credentials can exploit this easily

🎯 Exploit Status

Public PoC: No
Weaponized: Unknown
Unauthenticated Exploit: No
Complexity: MEDIUM

Requires authentication and network access to target system

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59259

Restart Required: Yes (Windows cumulative security updates need a reboot to complete installation)

Instructions:

1. Apply the latest Windows security updates from Microsoft Update (or WSUS/Intune).
2. If the host is not on the latest cumulative update, install the specific KB referenced in the advisory.
3. Reboot, then verify that the Local Session Manager (LSM) service is running and that the KB shows as installed.

🔧 Temporary Workarounds

Restrict inbound network access to the host

Windows

LSM does not listen on a network port of its own; it is reached through the session-hosting services that call into it, and the advisory does not name the protocol an attacker would use. The rules below block TCP/UDP 445, which is SMB, not LSM: they reduce one remote attack surface but will break file and print sharing to the host. Prefer scoping inbound allow rules to a management subnet over blanket blocks, and apply the same scoping to whichever session-related service is exposed on the host.

netsh advfirewall firewall add rule name="Block SMB Inbound TCP" dir=in action=block protocol=TCP localport=445
netsh advfirewall firewall add rule name="Block SMB Inbound UDP" dir=in action=block protocol=UDP localport=445
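A scoped version of the same control, as an added PowerShell example that is not from the advisory: instead of a blanket block, disable the built-in any-source SMB allow rules and re-allow only a trusted subnet, relying on the Windows Firewall default inbound block for everything else. The management subnet 10.10.0.0/24 is an assumption; substitute your own. Port 445 is used here only because it is the port the rules above target; the same pattern applies to any other service you expose.

```powershell
# Added example, not part of the advisory. ASSUMPTION: 10.10.0.0/24 is the management subnet.
$mgmtSubnet = '10.10.0.0/24'

# Windows Firewall evaluates block rules before allow rules and blocks inbound by default,
# so the correct way to scope access is to remove the broad allow, not to add a block.
# The built-in "File and Printer Sharing" group admits SMB from any source; disable its inbound rules.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Disable-NetFirewallRule

# Re-allow SMB only from the management subnet, on all profiles.
New-NetFirewallRule -DisplayName 'SMB-In (management subnet only)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 445 `
    -RemoteAddress $mgmtSubnet -Profile Any | Out-Null

# Show what now governs inbound 445 so the change can be reviewed before sign-off.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' } |
    Select-Object DisplayName, Action, @{n='RemoteAddress';e={($_ | Get-NetFirewallAddressFilter).RemoteAddress}}
```

To revert, run `Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'` and remove the scoped rule with `Remove-NetFirewallRule -DisplayName 'SMB-In (management subnet only)'`.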

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate systems with LSM
  • Enforce strong authentication and monitor for unusual LSM access patterns

🔍 How to Verify

Check if Vulnerable:

Check Windows version and installed updates against Microsoft advisory

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Confirm the KB from the advisory is listed by Get-HotFix in PowerShell (or by 'wmic qfe list' on older builds; wmic is deprecated and no longer installed by default on current Windows 11 releases), and confirm the Local Session Manager service is running after the reboot.
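The verification steps above, combined into one script as an added PowerShell example (not from the advisory). The KB list and minimum build are placeholders you must replace with the values from the MSRC advisory; the script reports OS build, missing KBs, the lsm.dll file version and the LSM service state, and returns a single Patched verdict.

```powershell
# Added example, not part of the advisory.
# ASSUMPTIONS: $RequiredKBs and $MinimumBuild are placeholders; take the real values
# from https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59259
param(
    [string[]]$RequiredKBs  = @('KB0000000'),   # placeholder KB(s) from the advisory
    [version] $MinimumBuild = '0.0'             # placeholder "build.UBR", e.g. '26100.0'
)

$result = [ordered]@{}

# 1. OS identity and full build number (build.UBR) from the registry, same data as systeminfo
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [version]('{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR)
$result.ProductName = $cv.ProductName
$result.Build       = $build.ToString()

# 2. Installed updates (Win32_QuickFixEngineering) compared with the required KB list
$installed = @((Get-HotFix).HotFixID)
$result.MissingKBs = @($RequiredKBs | Where-Object { $_ -notin $installed })

# 3. LSM is hosted in svchost.exe as lsm.dll on Windows 8+; record the binary version for the report
$lsmDll = Get-Item "$env:SystemRoot\System32\lsm.dll"
$result.LsmDllVersion = $lsmDll.VersionInfo.ProductVersion

# 4. The service must be running after the update and reboot
$result.LsmServiceStatus = (Get-Service -Name LSM).Status

# 5. Verdict: no required KB missing and the build meets the advisory threshold
$result.Patched = ($result.MissingKBs.Count -eq 0) -and ($build -ge $MinimumBuild)

[pscustomobject]$result | Format-List
```

Run it as an administrator on each host, e.g. `.\Verify-LsmPatch.ps1 -RequiredKBs KB5000000 -MinimumBuild 26100.1000` (values shown are illustrative, not the real ones). Get-HotFix lists cumulative updates by KB number but not every servicing component, so the build check is the authoritative signal.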

📡 Detection & Monitoring

Log Indicators:

  • Event ID 1000 (Application Error) in the Application log with faulting application svchost.exe_LSM and faulting module lsm.dll (LSM has been hosted in svchost.exe since Windows 8; there is no lsm.exe process on the affected versions)
  • Event ID 7031 or 7034 (Service Control Manager) in the System log: "The Local Session Manager service terminated unexpectedly"
  • Clusters of Event ID 7036 showing the Local Session Manager service entering the stopped/running state outside maintenance windows

Network Indicators:

  • LSM has no listening port of its own, so there is no LSM-specific port to watch, and the advisory does not name the protocol used to reach it
  • Bursts of authenticated session-related connections (for example remote desktop session setup) from a single source that immediately precede an LSM fault or restart

SIEM Query:

source="windows" event_id=1000 faulting_module="lsm.dll" OR source="windows" event_id=7034 service_name="Local Session Manager" OR source="windows" event_id=7036 service_name="Local Session Manager"
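The same hunt run locally against the Windows event logs, as an added PowerShell example that is not from the advisory. It pulls Event 1000 records whose message names the LSM svchost or lsm.dll, Service Control Manager 7031/7034/7036 records for the Local Session Manager service, and flags any clock hour with more restarts than a threshold. The 24-hour window and the threshold of 3 restarts per hour are arbitrary tuning values, not figures from the advisory.

```powershell
# Added example, not part of the advisory. ASSUMPTIONS: 24 h window and 3 restarts/hour are tuning values;
# the LSM host process appears in Event 1000 as "svchost.exe_LSM" with faulting module "lsm.dll".
$since     = (Get-Date).AddHours(-24)
$threshold = 3

# Application log: Event 1000 from "Application Error" where the faulting process/module is LSM
$faults = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '(?i)svchost\.exe_LSM|lsm\.dll' })

# System log: Service Control Manager 7031/7034 = unexpected termination, 7036 = state change
$scm = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7031, 7034, 7036; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Local Session Manager' })

$crashes  = @($scm | Where-Object { $_.Id -in 7031, 7034 })
$restarts = @($scm | Where-Object { $_.Id -eq 7036 -and $_.Message -match 'running state' })

# Burst detection: more than $threshold LSM restarts within any single clock hour
$bursts = @($restarts |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
    Where-Object { $_.Count -gt $threshold })

[pscustomobject]@{
    Window            = '{0:s} -> {1:s}' -f $since, (Get-Date)
    LsmFaults1000     = $faults.Count
    UnexpectedStops   = $crashes.Count
    Restarts7036      = $restarts.Count
    RestartBurstHours = ($bursts | ForEach-Object { $_.Name }) -join ', '
    Suspicious        = ($faults.Count -gt 0) -or ($crashes.Count -gt 0) -or ($bursts.Count -gt 0)
}

# Detail on the most recent LSM fault, if any, for the incident record
$faults | Select-Object -First 1 TimeCreated, Message | Format-List
```

A Suspicious result on its own only says LSM is falling over; correlate the timestamps with inbound connection logs from the source host to separate an attack from an unrelated crash.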
