Microsoft has released a fix for CVE-2025-64669, addressing a local privilege escalation vulnerability we reported in Windows Admin Center.
This issue allowed low privileged users to escalate to SYSTEM by abusing trusted components under insecure filesystem permissions. Microsoft validated the finding and shipped a fix as part of the latest update.
This CVE represents only the first vulnerability from our research.
We identified four distinct vulnerabilities during the investigation, and additional fixes and disclosures are coming.
More details soon.
Stay tuned.

https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/?urn_source=linkedin&utm_medium=social&utm_campaign=2025-q3-cve-2025-53109-53110-escaperoute-anthropic-blog&utm_term=blog

Check out the new research from my colleague and me - we’ve discovered a security bypass in Azure Entra ID Our findings reveal a vulnerability in pass-through authentication that could potentially allow unauthorized access across synced on-prem domains.