CVE-2025-53795
Published: 21 August 2025
Summary
CVE-2025-53795 is a critical-severity Improper Authorization (CWE-285) vulnerability in Microsoft Pc Manager. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 29.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-53795 is an improper authorization vulnerability (CWE-285) affecting Microsoft PC Manager. Published on 2025-08-21T20:15:45.707, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). The issue stems from flawed authorization mechanisms that enable unauthorized privilege escalation over a network.
An unauthorized attacker with network access can exploit this vulnerability remotely with low complexity and no user interaction required. Exploitation allows the attacker to elevate privileges, achieving high impacts on confidentiality and integrity while leaving availability unaffected.
The Microsoft Security Response Center has published an update guide detailing mitigation and patch information at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53795.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25500
Vulnerability details
Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthorized privilege escalation via improper authorization directly enables T1068 Exploitation for Privilege Escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 requires timely remediation of known flaws like CVE-2025-53795 through patching, directly preventing exploitation of the improper authorization vulnerability.
AC-3 enforces approved authorizations for access, directly countering the improper authorization that enables remote privilege escalation.
AC-6 applies least privilege to limit the impact and success of privilege escalation attempts resulting from authorization flaws.