CVE-2025-59513: 
vulnerability analysis and mitigation

An out-of-bounds read vulnerability was discovered in the Windows Bluetooth RFCOM Protocol Driver, identified as CVE-2025-59513. The vulnerability was disclosed on November 11, 2025, affecting multiple versions of Microsoft Windows operating systems including Windows 10, Windows 11, and various Windows Server editions (NVD).

The vulnerability is classified as CWE-125 (Out-of-bounds Read) with a CVSS v3.1 Base Score of 5.5 (Medium). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and affecting only the user scope (S:U). The impact primarily concerns confidentiality (C:H), with no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability allows an authorized attacker to disclose information locally through an out-of-bounds read in the Windows Bluetooth RFCOM Protocol Driver. This could potentially lead to unauthorized access to sensitive information within the affected systems (NVD, Rapid7).

Microsoft has released security updates to address this vulnerability across affected systems. Multiple Knowledge Base (KB) updates have been made available, including KB5068864 for Windows 10 1607 and Windows Server 2016, KB5068791 for Windows 10 1809 and Windows Server 2019, KB5068781 for Windows 10 21H2/22H2, and various other updates for different Windows versions (Rapid7).