CVE-2025-55242 — Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability

Executive Summary

Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.

Overview

6.5

CVSS MEDIUM

Critical

MS Severity

Not Exploited

MS Exploit Status

Not Found

MS Exploit Likelihood

Category Information Disclosure

Released Sep 9 2025

Last Updated Sep 9 2025

Publicly Disclosed No

CISA KEV Not Listed

Known Exploits None Known

EPSS Score 0.0073 — 0.49422 percentile

CVSS Vector

ATTACK VECTOR

Network

ATTACK COMPLEXITY

Low

PRIVILEGES REQUIRED

None

USER INTERACTION

Required

SCOPE

Unchanged

Temporal Score: 5.7

EPSS Score

0.0073

probability of exploitation in the next 30 days

0.49422 percentile - updated 2026-06-20

View on FIRST.org

Affected Products

1 affected product

Product	KB Article	Severity	Impact	Restart Required
Xbox Gaming Services	`—`	Critical	Information Disclosure	Unknown

Patches

1 patch

Article	Type	Restart
`—`		Unknown

Known Exploits

No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.

Acknowledgments

cixtor.com with Big Tech

References

MSRC Advisory MITRE NVD