CVE-2025-59188: 
vulnerability analysis and mitigation

Microsoft Failover Cluster Information Disclosure Vulnerability (CVE-2025-59188) is a security flaw discovered in Windows Failover Cluster that allows an authorized attacker to disclose information locally. The vulnerability was disclosed on October 14, 2025, as part of Microsoft's October 2025 Patch Tuesday updates (Rapid7).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 MEDIUM with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction. The vulnerability affects confidentiality but does not impact integrity or availability (NVD).

The vulnerability allows an authorized attacker with local access to disclose sensitive information from the Windows Failover Cluster component. The high confidentiality impact rating suggests that the attacker could potentially access significant amounts of sensitive data (NVD).

Microsoft has released security updates to address this vulnerability as part of the October 2025 Patch Tuesday updates. Users and administrators are advised to apply the latest security updates to affected systems (ASEC).