CVE-2025-50173: 
vulnerability analysis and mitigation

A weak authentication vulnerability in Windows Installer (CVE-2025-50173) was disclosed on August 12, 2025. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows Server 2008, 2012, 2016, 2019, 2022, 2025, and various versions of Windows 10 and 11 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified under CWE-1390 (Weak Authentication). The vulnerability requires local access and low privileges to exploit, but requires no user interaction (NVD).

If successfully exploited, this vulnerability allows an authorized attacker with local access to elevate their privileges on the affected system. The high CVSS scores for confidentiality, integrity, and availability (C:H/I:H/A:H) indicate that successful exploitation could result in complete compromise of the system's security (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available for all affected versions of Windows, including Windows Server 2008 through 2025, and Windows 10 and 11 versions (NVD).