Exposure of sensitive information to an unauthorized actor in Windows Speech allows an authorized attacker to disclose information locally.

CVE-2025-59509: Windows Speech Recognition Information Disclosure Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?**

An attacker who successfully exploited this vulnerability could elevate from a low integrity level up to a medium integrity level.

CVE-2025-59508: Windows Speech Recognition Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?**

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Tag

#Windows Speech