CNNVD-202508-1167 Information

Aug 12, 2025 cve

CNNVD ID

CNNVD-202508-1167

CVE-2025-50159

  • CNNVD Published: 2025-08-12

Description (Chinese)

Microsoft Remote Access Point-to-Point Protocol (PPP) EAP-TLS是美国微软(Microsoft)公司的一种安全认证机制。 Microsoft Remote Access Point-to-Point Protocol (PPP) EAP-TLS存在资源管理错误漏洞。攻击者利用该漏洞可以提升权限。以下产品和版本受到影响:Windows Server 2025 (Server Core installation),Windows 11 Version 23H2 for ARM64-based Systems,Windows 11 Version 23H2 for x64-based Systems,Windows Server 2022, 23H2 Edition (Server Core installation),Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows Server 2025,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 22H2 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 11 Version 22H2 for ARM64-based Systems,Windows 11 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for x64-based Systems,Windows 10 Version 22H2 for ARM64-based Systems,Windows 10 Version 1809 for 32-bit Systems。

Description (English)

Microsoft Access Point-to-Point Protocol (PPP) EAP-TLS is a secure certification mechanism for Microsoft (MSA) in the United States. Microsoft Remote Access Point-to-Point Production (PPP) EAP-TLS has a resource management error gap. The attackers use this loophole to enhance their authority. Wows Service 2022, Wows Service 2025, Wows Service, Wows Service 28-Sysems, Wows Service 23-H2 for ARM64-based Systems, Windows Service 2022, for Service Service for Service for Service, Wows Service for Service 64-Systems, Wows Service for Service 28-Systems, and Wows Service for Service 2-Sysysysysys, Wows Service 2-Sysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysysy

Hazard Level

Medium

Vulnerability Type

资源管理错误

Affected Vendor

微软

Published

2025-08-12

Last Modified

2026-02-24

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50159

Patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50159

Share on: