Microsoft has launched safety advisories for 4 newly found vulnerabilities in its Home windows Defender Firewall Service that would allow attackers to raise privileges on affected Home windows methods.
The issues, tracked as CVE-2025-53808, CVE-2025-54104, CVE-2025-54109, and CVE-2025-54915, have been all disclosed on September 9, 2025, and share comparable traits.
Whereas exploitation requires native entry, profitable assaults might enable menace actors to execute code at SYSTEM degree, bypassing regular safety boundaries.
Particulars of the Vulnerabilities
Every vulnerability entails Kind Confusion (CWE-843), a weak spot the place the firewall service misinterprets the kind of a useful resource, resulting in unauthorized operations.
All 4 flaws are categorized as Necessary severity and carry a CVSS 3.1 base rating of 6.7 with a temporal rating of 5.8.
The assault vector is native (AV:L), with low complexity (AC:L), excessive privileges required (PR:H), and no person interplay wanted (UI:N).
| CVE Identifier | Affect | Max Severity | CVSS 3.1 Rating (Base/Temporal) |
| CVE-2025-53808 | Elevation of Privilege | Necessary | 6.7 / 5.8 |
| CVE-2025-54104 | Elevation of Privilege | Necessary | 6.7 / 5.8 |
| CVE-2025-54109 | Elevation of Privilege | Necessary | 6.7 / 5.8 |
| CVE-2025-54915 | Elevation of Privilege | Necessary | 6.7 / 5.8 |
Confidentiality, integrity, and availability impacts are all excessive (C:H/I:H/A:H). Microsoft charges the exploit maturity as unproven (E:U) with official fixes already launched (RL:O) and confirmed stories (RC:C).
These vulnerabilities reside within the Home windows Defender Firewall Service executable operating with elevated privileges.
An attacker who can go surfing regionally to a goal machine might leverage certainly one of these flaws to execute arbitrary code as SYSTEM.
This might function a stepping stone for full compromise, particularly in environments the place native person accounts are poorly managed.
Mitigation and Suggestions
Microsoft has supplied patches for all affected Home windows variations by its September 2025 safety updates. System directors are urged to:
- Deploy the September safety replace instantly to make sure the firewall service is patched.
- Prohibit native account logins to trusted personnel solely.
- Monitor system occasion logs for uncommon firewall service habits or crash occasions that would point out makes an attempt to use these flaws.
- Implement least-privilege insurance policies to attenuate the affect if native account credentials are compromised.
Though these vulnerabilities require native entry, they pose a major danger in company environments the place staff have administrative privileges or the place laptops could also be bodily accessed by unauthorized people.
As soon as an attacker features SYSTEM privileges, they’ll disable safety controls, set up persistent malware, or transfer laterally inside a community.
Addressing these points promptly reduces the window of alternative for menace actors to use them.
Home windows Defender Firewall has lengthy been a core part of Microsoft’s defense-in-depth technique.
These elevation of privilege vulnerabilities spotlight the significance of standard patching and stringent entry controls.
By making use of the out there updates and imposing sturdy safety insurance policies, organizations can safeguard towards potential privilege escalation assaults concentrating on the firewall service.
Discover this Story Fascinating! Observe us on LinkedIn and X to Get Extra Instantaneous Updates.
