Cyber Resilience

CVE-2025-53795

Critical

Published: 21 August 2025

Published
21 August 2025
Modified
25 August 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0062 70.6th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-53795 is a critical-severity Improper Authorization (CWE-285) vulnerability in Microsoft Pc Manager. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 29.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-53795 is an improper authorization vulnerability (CWE-285) affecting Microsoft PC Manager. Published on 2025-08-21T20:15:45.707, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). The issue stems from flawed authorization mechanisms that enable unauthorized privilege escalation over a network.

An unauthorized attacker with network access can exploit this vulnerability remotely with low complexity and no user interaction required. Exploitation allows the attacker to elevate privileges, achieving high impacts on confidentiality and integrity while leaving availability unaffected.

The Microsoft Security Response Center has published an update guide detailing mitigation and patch information at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795.

EU & UK References

Vulnerability details

Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Remote unauthorized privilege escalation via improper authorization directly enables T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21322Same product: Microsoft Pc Manager
CVE-2026-27912Same vendor: Microsoft
CVE-2025-24053Same vendor: Microsoft
CVE-2025-21275Same vendor: Microsoft
CVE-2025-21400Same vendor: Microsoft
CVE-2025-26683Same vendor: Microsoft
CVE-2025-64655Same vendor: Microsoft
CVE-2026-24305Same vendor: Microsoft
CVE-2025-49746Same vendor: Microsoft
CVE-2025-53792Same vendor: Microsoft

Affected Assets

microsoft
pc manager
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely remediation of known flaws like CVE-2025-53795 through patching, directly preventing exploitation of the improper authorization vulnerability.

prevent

AC-3 enforces approved authorizations for access, directly countering the improper authorization that enables remote privilege escalation.

prevent

AC-6 applies least privilege to limit the impact and success of privilege escalation attempts resulting from authorization flaws.

References