Microsoft Windows Defender Firewall Vulnerabilities Allow Privilege Escalation

Microsoft has released security advisories for four newly discovered vulnerabilities in its Windows Defender Firewall Service that could enable attackers to elevate privileges on affected Windows systems.

The flaws, tracked as CVE-2025-53808, CVE-2025-54104, CVE-2025-54109, and CVE-2025-54915, were all disclosed on September 9, 2025, and share similar characteristics.

While exploitation requires local access, successful attacks could allow threat actors to execute code at SYSTEM level, bypassing normal security boundaries.

Details of the Vulnerabilities

Each vulnerability involves Type Confusion (CWE-843), a weakness where the firewall service misinterprets the type of a resource, leading to unauthorized operations.

All four flaws are classified as Important severity and carry a CVSS 3.1 base score of 6.7 with a temporal score of 5.8.

The attack vector is local (AV:L), with low complexity (AC:L), high privileges required (PR:H), and no user interaction needed (UI:N).