CVE-2025-55242 — Vulnetix

CVE-2025-55242 PUBLISHED CVSS 6.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.

EPSS 1.31% · 80.1th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

EPSS Score

1.31%

80.1th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Xbox Gaming Services	-
microsoft	xbox_gaming_services	-

Timeline

Sep 4, 2025 CVE Published
Sep 5, 2025 EPSS Score
Sep 5, 2025 Coalition ESS Score
Sep 5, 2025 Coalition ESS Score
Sep 5, 2025 PoC Published
Sep 5, 2025 PoC Published
Sep 11, 2025 Coalition ESS Score
Sep 12, 2025 EPSS Score
Sep 20, 2025 EPSS Score
Sep 27, 2025 EPSS Score
Oct 4, 2025 Coalition ESS Score
Oct 5, 2025 EPSS Score

References

Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-55242 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›