Platform
windows
Component
internet-information-services-iis-inbox-com-objects
Fixed in
10.0.10240.21161
10.0.14393.8519
10.0.17763.7919
10.0.19044.6456
10.0.19045.6456
10.0.22621.6060
10.0.22631.6060
10.0.26100.6899
10.0.26200.6899
CVE-2025-59282 is a Remote Code Execution (RCE) vulnerability in the Internet Information Services (IIS) Inbox COM Objects component of Windows. The root cause is a race condition: concurrent execution using a shared resource without proper synchronization (CWE-362). Despite the RCE label, the attack vector is local: an attacker who can already interact with the vulnerable COM objects on the host can win the race and execute arbitrary code, potentially leading to full system compromise. Affected are Windows builds from 10.0.10240 onward that are below the fixed build for their branch; the fixed builds are listed under "Fixed in" above (for example 10.0.19045.6456 for Windows 10 22H2, 10.0.26100.6899 for Windows 11 24H2 and 10.0.26200.6899 for the 26200 branch). There is no single "fixed version" that applies to every branch.
An attacker who successfully exploits CVE-2025-59282 runs arbitrary code on the host in the security context of the process that hosts the vulnerable COM object; where that is a privileged IIS or service process, the bug is effectively a local privilege escalation. From there the attacker can install malware, read or alter data, change system configuration, or disrupt services. Because IIS typically hosts web applications and services, a successful exploit also compromises those applications and the data they handle. The blast radius covers everything the compromised account can reach, and potentially the wider network if the host is used as a pivot for lateral movement.
CVE-2025-59282 was publicly disclosed on 2025-10-14. Its CVSS base score of 7.0 (High) indicates a significant risk. At the time of writing there is no indication of in-the-wild exploitation, no publicly available proof-of-concept exploit, and no entry in the CISA KEV catalog. A race condition has to be won against a timing window, which tends to make reliable weaponization harder rather than easier; even so, the absence of a public exploit today says nothing about tomorrow, and a local code-execution bug on a server that already runs third-party web code should be patched on the normal monthly cadence at the latest.
Organizations running web applications or services on Windows servers with IIS are at risk, especially those with legacy systems or configurations that are not updated regularly. Shared and multi-tenant hosting environments are at increased risk: a local code-execution bug in the shared server infrastructure is exactly what lets one tenant's compromised application reach the others.
• windows: IIS processes are not named "iis"; list the IIS worker process (w3wp.exe) and the IIS admin service (inetinfo.exe) directly:
Get-Process -Name w3wp, inetinfo -ErrorAction SilentlyContinue | Select-Object ProcessName, Id, CPU, WorkingSet
• windows: Pull recent IIS worker-process events from the Application log. List the IIS event providers present on the host first, then filter on the ones you find (IIS-W3SVC-WP is the worker-process provider):
Get-WinEvent -ListProvider '*IIS*' | Select-Object Name
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='IIS-W3SVC-WP']]]" -MaxEvents 100
• windows: Check Autoruns for unusual COM object registrations related to IIS. Use Sysinternals Autoruns to identify any unexpected or unauthorized COM object registrations.
disclosure
Exploit status
EPSS
0.33% (56th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-59282 is to install the October 2025 Windows security update, which brings each supported branch to the fixed build listed under "Fixed in" (for example 10.0.26200.6899 on the 26200 branch, 10.0.22631.6060 on Windows 11 23H2). The attack vector is local, so a WAF rule cannot prevent exploitation and network segmentation does not restrict access to a COM object on the host; what reduces exposure is limiting who can run code on the server: keep application pool identities and interactive or remote logon at least privilege, avoid hosting untrusted code or tenants on unpatched hosts, and review IIS configuration and permissions regularly. Monitor system logs for suspicious activity around IIS processes and COM object usage. After updating, confirm the fix by checking that the installed build (CurrentBuild.UBR) is at or above the fixed build for the branch; do not attempt to reproduce the race condition on production systems.
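The following PowerShell is an added example, not part of the original advisory or any Microsoft tooling. It performs the post-patch build check described above: it reads CurrentBuild and UBR from the registry, compares them with the fixed builds listed under "Fixed in" on this page, and reports whether the IIS role is present (W3SVC service or the InetStp setup key). The fixed-build table is taken from this page; the function name, status strings and the IIS-presence heuristic are assumptions of this example.

```powershell
# Added example (not from the advisory): is this host at or above the fixed build
# for CVE-2025-59282 on its Windows branch, and is IIS present?
# Fixed builds (CurrentBuild -> minimum UBR) copied from the "Fixed in" list above.
$FixedUbr = @{
    '10240' = 21161; '14393' = 8519; '17763' = 7919
    '19044' = 6456;  '19045' = 6456
    '22621' = 6060;  '22631' = 6060
    '26100' = 6899;  '26200' = 6899
}

function Get-Cve202559282Status {
    # CurrentBuild is the branch (e.g. 19045), UBR the monthly revision (e.g. 6456).
    $ver   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$ver.CurrentBuild
    $ubr   = [int]$ver.UBR

    # IIS presence heuristic (assumption of this example): the World Wide Web
    # Publishing service or the IIS setup registry key exists.
    $iisInstalled = [bool](Get-Service -Name W3SVC -ErrorAction SilentlyContinue) -or
                    (Test-Path 'HKLM:\SOFTWARE\Microsoft\InetStp')

    $result = [ordered]@{
        Build        = "10.0.$build.$ubr"
        IisInstalled = $iisInstalled
        Status       = 'unknown'
    }

    if (-not $FixedUbr.ContainsKey($build)) {
        # Branch not on this page's list: defer to the Microsoft Security Update Guide.
        $result.Status = 'build not in fixed-version table; check the MSRC entry for CVE-2025-59282'
    } elseif ($ubr -ge $FixedUbr[$build]) {
        $result.Status = "patched (UBR $ubr >= fixed UBR $($FixedUbr[$build]))"
    } elseif ($iisInstalled) {
        $result.Status = "VULNERABLE: IIS present and UBR $ubr < fixed UBR $($FixedUbr[$build])"
    } else {
        # The component is an inbox component, so the OS update is still required.
        $result.Status = "below fixed UBR $($FixedUbr[$build]); IIS role not detected, update anyway"
    }
    [pscustomobject]$result
}

Get-Cve202559282Status | Format-List
```

Run it elevated in the same PowerShell session you use for patch verification; the comparison is per branch, so a Windows 10 22H2 host reporting 10.0.19045.6456 is patched even though that number is far below 10.0.26200.6899.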
Update Windows 10 or Windows 11 to the latest available version via Windows Update. This installs the corrected build of the Internet Information Services (IIS) inbox components and resolves the remote code execution vulnerability.
CVE-2025-59282 is a Remote Code Execution vulnerability in the IIS Inbox COM Objects component of Windows, allowing local code execution due to a race condition.
You are affected if you run a Windows build from 10.0.10240 onward that is below the fixed build for its branch (see "Fixed in" above). The IIS Inbox COM Objects are an inbox (shipped-with-Windows) component, so the OS update is the fix regardless of whether the IIS role is enabled; hosts with IIS installed are the priority.
Install the Windows security update that brings your branch to the fixed build listed under "Fixed in" (for example 10.0.26200.6899 on the 26200 branch). If immediate patching is not possible, restrict who can run code on the host in the meantime.
There is currently no evidence of active exploitation and no public proof of concept; the EPSS is 0.33% (56th percentile). That can change, so patch on the normal monthly cadence at the latest.
Refer to the official Microsoft Security Update Guide entry for CVE-2025-59282 for the authoritative list of affected products and the corresponding KB numbers.