Tag
#Windows StateRepository API
CVE-2025-59203: Windows State Repository API Server File Information Disclosure Vulnerability
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.
CVE-2025-53789: Windows StateRepository API Server file Elevation of Privilege Vulnerability
**What privileges could be gained by an attacker who successfully exploited the vulnerability?** The attacker would gain the rights of the user that is running the affected application.
CVE-2025-49723: Windows StateRepository API Server file Tampering Vulnerability
**According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment.