CVE-2025-59209: 
vulnerability analysis and mitigation

CVE-2025-59209 is an information disclosure vulnerability affecting Windows Push Notification Core that was disclosed on October 14, 2025. The vulnerability allows an authorized attacker to disclose information locally. This vulnerability affects multiple versions of Microsoft Windows, including Windows Server 2012/2016/2019/2022/2025 and Windows 10/11 systems (NVD, Rapid7).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit. The vulnerability impacts confidentiality but does not affect integrity or availability (NVD).

When successfully exploited, this vulnerability allows an authorized attacker with local access to disclose sensitive information. The vulnerability specifically affects the Windows Push Notification Core component, potentially exposing sensitive system information to unauthorized actors (NVD).

Microsoft has released security updates to address this vulnerability as part of the October 2025 Patch Tuesday updates. System administrators are advised to apply the relevant security updates to affected systems. The patches are available through the standard Windows Update channels and Microsoft Update Catalog (NVD).