CVE-2025-59258

Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability

Description

Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.

INFO

Published Date :

2025-10-14T17:00:44.802Z

Last Modified :

2026-02-22T17:24:52.847Z

Source :

microsoft

AFFECTED PRODUCTS

The following products are affected by CVE-2025-59258 vulnerability.

Vendors	Products
Microsoft	Active Directory Federation Services Windows Windows Server Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2022 23h2 Windows Server 2025 Windows Server 23h2

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59258.

URL	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59258

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact