Microsoft Windows Defender Firewall Flaws Allow Attackers Privilege Escalation

Microsoft’s September 2025 security update addresses four elevation-of-privilege flaws in the Windows Defender Firewall service, each rated Important in severity.

Detailed in the September 9 release, these vulnerabilities—CVE-2025-53808, CVE-2025-54104, CVE-2025-54109, and CVE-2025-54915—could allow an authenticated attacker with high privileges to elevate to Local Service-level access, posing a serious risk to system integrity.

Nature of the Firewall Vulnerabilities

Three of the flaws (CVE-2025-54104, CVE-2025-54109, CVE-2025-54915) stem from a type confusion error within the Firewall Service.

Type confusion arises when code treats a resource as one data type while it actually holds another, leading to memory corruption and unexpected behavior. In this case, a user in a restricted group can trigger the flaw to gain elevated rights.

The fourth issue, CVE-2025-53808, is also an elevation-of-privilege defect, though Microsoft’s advisory does not specify type confusion as its root cause.

All four vulnerabilities share the potential outcome of advancing a low-privileged account to Local Service privileges.

Exploitation Scenario and Requirements

Exploitation demands an authenticated user and membership in a specific restricted Windows user group, aligning with the CVSS metric Privileges Required: High (PR:H).

The attacker’s account must already possess Medium Integrity Level; successful exploitation increases that to Local Service.

While Local Service access falls short of full administrative control, it grants sufficient rights to manipulate system resources, install malicious software, or facilitate lateral movement within an environment.

| CVE Identifier | Vulnerability Type | Privileges Required | CVSS 3.1 Score |
| --- | --- | --- | --- |
| CVE-2025-53808 | Service EoP | High (PR:H) | 7.8 |
| CVE-2025-54104 | Type Confusion | High (PR:H) | 7.8 |
| CVE-2025-54109 | Type Confusion | High (PR:H) | 7.8 |
| CVE-2025-54915 | Type Confusion | High (PR:H) | 7.5 |

Microsoft’s exploitability analysis rates three of the vulnerabilities—CVE-2025-53808, CVE-2025-54104, and CVE-2025-54109—as Less Likely to be exploited, with CVE-2025-54915 assessed as Exploitation Unlikely due to its high prerequisites.

Despite this, the Important severity rating underscores the potential threat if an attacker meets the required conditions. No public disclosures or active exploits have been reported.

Microsoft has issued patches for all supported Windows versions.

Administrators and users are urged to deploy the September 2025 updates immediately to remediate these elevation-of-privilege vulnerabilities and safeguard against privilege escalation attacks.
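A quick way to confirm on a given host that the September 2025 update has been taken and that the Windows Defender Firewall service is in its expected state. This is an added example, not code from the article or from Microsoft; it assumes an elevated PowerShell session on the host, and the KB number is a placeholder to be filled in from Microsoft's advisory for that host's Windows build.

```powershell
# Added example (not from the article): report whether this host has taken
# a security update on or after the 9 September 2025 release and show the
# state of the Windows Defender Firewall service (MpsSvc).
# Assumptions: run elevated on the host being checked; the KB below is a
# placeholder - replace it with the KB Microsoft lists for this build.

$PatchTuesday = Get-Date '2025-09-09'
$ExpectedKB   = 'KB<PLACEHOLDER>'   # placeholder: take from the advisory

# OS build and update build revision (UBR) from the registry; the UBR is
# what a cumulative update bumps, so this is the most reliable signal.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = "$($cv.CurrentBuild).$($cv.UBR)"

# Hotfixes recorded as installed on or after Patch Tuesday
$recent = Get-HotFix |
          Where-Object { $_.InstalledOn -ge $PatchTuesday } |
          Sort-Object InstalledOn -Descending

# Is the specific KB present? (no error if it is absent)
$hasExpected = [bool](Get-HotFix -Id $ExpectedKB -ErrorAction SilentlyContinue)

# Firewall service state (display name "Windows Defender Firewall")
$svc = Get-Service -Name MpsSvc

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    OSBuild           = $build
    UpdatesSinceSep9  = ($recent | ForEach-Object { $_.HotFixID }) -join ', '
    ExpectedKBPresent = $hasExpected
    FirewallService   = $svc.Status
    FirewallStartType = $svc.StartType
} | Format-List
```

Get-HotFix reads Win32_QuickFixEngineering and can omit updates delivered outside the component store, so treat the build/UBR value, compared against the build listed in Microsoft's release notes for the update, as the authoritative check.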


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
