Platform
windows
Component
microsoft-streaming-service-proxy
Fixed in
10.0.14393.8594
10.0.17763.8027
10.0.19044.6575
10.0.19045.6575
10.0.22631.6199
10.0.26100.7171
10.0.26200.7171
6.1.7601.28021
CVE-2025-59514 describes an improper privilege management vulnerability within the Microsoft Streaming Service Proxy. This flaw allows an authenticated attacker to escalate their privileges locally, potentially gaining unauthorized access to system resources. The vulnerability impacts versions of the proxy service up to and including 10.0.26200.7171, with a fix available in version 10.0.26200.7171.
Successful exploitation of CVE-2025-59514 allows an attacker who already has some level of access to the system to elevate their privileges to a higher level, such as SYSTEM. This could grant them complete control over the affected machine, enabling them to install malware, steal sensitive data, modify system configurations, or disrupt operations. The impact is particularly severe in environments where the Streaming Service Proxy is used to manage or proxy streaming content, as an attacker could potentially leverage this vulnerability to compromise the entire network. While the vulnerability requires authentication, the potential for significant damage makes it a high-priority concern.
CVE-2025-59514 was publicly disclosed on 2025-11-11. Its severity is rated HIGH with a CVSS score of 7.8. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog at the time of this writing, suggesting a low to medium probability of active exploitation, but this could change. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
0.10% (27% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-59514 is to upgrade the Microsoft Streaming Service Proxy to version 10.0.26200.7171 or later. Before upgrading, it's crucial to review the Microsoft advisory for any potential compatibility issues or breaking changes. If an immediate upgrade is not feasible, consider implementing least privilege principles to restrict the permissions of the proxy service account. Regularly review the proxy service's configuration and audit logs for any suspicious activity. After upgrading, confirm the fix by attempting to execute a privilege escalation exploit against the updated service; it should fail.
Actualice su sistema operativo Windows a la última versión disponible a través de Windows Update. Esto instalará la versión corregida del servicio de transmisión y solucionará la vulnerabilidad de elevación de privilegios. Asegúrese de reiniciar su sistema después de la actualización para que los cambios surtan efecto.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-59514 is a privilege escalation vulnerability in Microsoft Streaming Service Proxy allowing an authenticated attacker to gain higher privileges locally.
You are affected if you are using Microsoft Streaming Service Proxy versions less than or equal to 10.0.26200.7171.
Upgrade to Microsoft Streaming Service Proxy version 10.0.26200.7171 or later. Review Microsoft's advisory for compatibility details.
There are currently no publicly known active exploits, but the vulnerability is rated HIGH severity and should be addressed promptly.
Refer to the official Microsoft Security Update Guide for CVE-2025-59514 for detailed information and updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.