Microsoft Windows Defender Firewall Vulnerabilities Let Attackers Escalate Privileges

Posted on September 12, 2025 by CWS

Microsoft has addressed four elevation of privilege vulnerabilities in its Windows Defender Firewall service, all rated as “Important” in severity.

The security flaws were detailed in Microsoft’s September 9, 2025, security update release. If exploited, these vulnerabilities could allow an authenticated attacker to gain higher privileges on an affected system.

The four vulnerabilities are tracked as CVE-2025-53808, CVE-2025-54104, CVE-2025-54109, and CVE-2025-54915. All four allow a local attacker to escalate their privileges, posing a significant risk to system integrity.

At the time of disclosure, Microsoft stated that none of the vulnerabilities had been publicly disclosed or actively exploited in the wild.

Nature Of The Firewall Vulnerabilities

Three of the four vulnerabilities (CVE-2025-54104, CVE-2025-54109, and CVE-2025-54915) are caused by a “type confusion” flaw within the Windows Defender Firewall Service.

Type confusion is a common class of memory safety bug where a program attempts to access a resource with an incompatible type, leading to unexpected and often insecure behavior.

In this case, it allows an authorized attacker to trigger a condition that leads to local privilege escalation.
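The bug class described above, shown as an added illustration rather than code from Microsoft or from the Windows Defender Firewall service. The object layout, the names `fw_object`, `rule_port_unchecked` and `rule_port_checked`, and the sample input are all hypothetical; the sketch contrasts an accessor that assumes an object's type with one that validates the type tag first.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical object kinds; not taken from any Windows component. */
typedef enum { OBJ_RULE = 1, OBJ_PROFILE = 2 } obj_kind;

typedef struct {
    obj_kind kind;                      /* tag set by the code that created the object */
    union {
        struct { uint32_t port; uint32_t allow; } rule;
        struct { char name[8]; } profile;
    } u;
} fw_object;

/* Confused accessor: assumes every object it is handed is a rule. */
static uint32_t rule_port_unchecked(const fw_object *obj) {
    return obj->u.rule.port;            /* reads name bytes when kind is OBJ_PROFILE */
}

/* Hardened accessor: validates the tag before interpreting the payload. */
static int rule_port_checked(const fw_object *obj, uint32_t *port_out) {
    if (obj == NULL || port_out == NULL || obj->kind != OBJ_RULE)
        return -1;                      /* reject objects of any other kind */
    *port_out = obj->u.rule.port;
    return 0;
}

static fw_object make_rule(uint32_t port) {
    fw_object o = { .kind = OBJ_RULE, .u.rule = { port, 1 } };
    return o;
}

static fw_object make_profile(const char *name) {
    fw_object o;
    memset(&o, 0, sizeof o);
    o.kind = OBJ_PROFILE;
    strncpy(o.u.profile.name, name, sizeof o.u.profile.name - 1);
    return o;
}

int main(void) {
    fw_object p = make_profile("AAAA");     /* constructed sample input */
    uint32_t port = 0;
    printf("unchecked: 0x%08x\n", (unsigned)rule_port_unchecked(&p));
    printf("checked:   %d\n", rule_port_checked(&p, &port));
    return 0;
}
```

The unchecked accessor returns the caller-supplied name bytes as if they were a trusted port number, while the checked accessor refuses the mismatched object and leaves the output untouched.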

The fourth vulnerability, CVE-2025-53808, is also a service elevation of privilege flaw, although Microsoft’s advisory does not specify it as a type confusion bug.

The common thread among all four is the potential outcome: a low-privileged user gaining elevated system rights.

Understanding The Attack Scenario

To exploit any of these vulnerabilities, an attacker must first have authenticated access to the target machine. Furthermore, exploitation requires the attacker’s account to be a member of a specific, restricted user group.

This high prerequisite is reflected in the CVSS metric “Privileges Required: High (PR:H),” indicating that a casual or unauthenticated attacker cannot leverage these flaws.

A successful exploit would allow the attacker to elevate their privileges from a “Medium Integrity Level” to “Local Service.”

While not full system or administrator-level control, gaining Local Service privileges provides significant capabilities, allowing an attacker to access and manipulate a wide range of system resources, install malicious software, or further compromise the affected host.

Microsoft’s Assessment And Mitigation

Microsoft’s exploitability assessment indicates that an attack is “Less Likely” for CVE-2025-53808, CVE-2025-54104, and CVE-2025-54109.

For CVE-2025-54915, the assessment is even lower, at “Exploitation Unlikely.” This assessment is based on the high privileges required for an attacker to be in a position to exploit the flaws.

Despite the low likelihood of exploitation, the “Important” severity rating underscores the potential danger if an attacker meets the necessary prerequisites.

Microsoft has released security updates to patch these vulnerabilities across all affected versions of Windows.

System administrators and users are strongly advised to apply the September 2025 security updates promptly to protect their systems and mitigate the risk of potential privilege escalation attacks.
