Windows 11 sandbox flaw lets attackers escape with one click

SafeBreach Labs has recently identified a significant vulnerability within Windows 11, aptly named Click Or Trick. This issue, cataloged as CVE-2025-59199, was addressed by Microsoft in October 2025.

Understanding the Vulnerability

The research reveals a one-click attack mechanism that initiates from a low-integrity process, ultimately achieving arbitrary write capabilities and escalated code execution by leveraging various built-in Windows components. Notably, this method relies on a spoofed notification click, circumventing the need for dropped malware or third-party tools.

At the heart of this technique lies Windows Mandatory Integrity Control, which classifies processes running under the same user account into distinct trust levels. Low-integrity processes serve as a sandbox boundary in browsers and other applications, restricting access for any compromised code, even when it operates under a valid user identity.

The researchers began their investigation by searching for COM objects that could still be activated by a low-integrity process. They concentrated on LocalServer32 COM servers, which operate in separate processes, thereby creating opportunities for actions beyond the original sandbox.

During their exploration, the team discovered an AppID with an undocumented flag that permitted a low-integrity process to launch a medium-integrity server process using the user’s unmodified logon token. This discovery provided a pathway to trigger actions at a higher integrity level without the need for traditional privilege escalation methods.

Exploiting Windows Features

Subsequently, they examined a COM object associated with Windows edition upgrade functions and pinpointed a ShowToast function. This function enabled them to generate toast notifications on behalf of other applications, while also controlling a launch command that would execute upon user interaction with the notification.

The research then shifted focus to the app identities utilized by Windows applications. The team found that certain applications would accept appended command-line parameters when launched through these notifications, thereby allowing attackers to manipulate built-in software into executing commands under their control.

In one of their initial tests, they employed Winget, the Windows package manager, to install software selected by the attacker with just a single click. However, this method fell short of achieving complete escape, as it did not directly facilitate arbitrary code execution.

Finding a More Effective Route

A more promising avenue emerged through the Snipping Tool, which in Windows 11 can be initiated with URI-based parameters. The researchers noted that the tool’s documented discover endpoint includes a redirect-uri argument capable of sending a callback to another registered application.

This functionality allowed them to transition execution from the spoofed notification into the Snipping Tool and subsequently to a second URI target chosen by the attacker. Essentially, this meant that a low-integrity application could, after a single user click, instigate a medium-integrity launch of another registered Windows application.

The team initially tested file:// URIs and discovered that interpreted files, such as Python scripts, could be executed in this manner if stored in the LocalLow folder—one of the few writable locations accessible to low-integrity processes. However, native executables and batch files were blocked due to the way Windows manages file association checks.

Seeking a different URI target, the researchers turned their attention to Microsoft Teams. They found that the desktop client, built on Chromium, still exposed the Chromium --remote-debugging-port switch, which initiates a Chrome DevTools Protocol server on a designated local port.

By crafting a ms-teams URI and passing it through the Snipping Tool’s redirect mechanism, they successfully injected that switch. Once Teams launched with remote debugging enabled, the researchers utilized Chrome DevTools Protocol commands to alter the download directory and download a file to a location outside the sandbox, thereby creating an arbitrary write primitive.
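The three observable signals in the chain just described (a redirect-uri hand-off inside a URI argument, a Chromium-based app launched with --remote-debugging-port, and content executed from the LocalLow folder) can be checked for in ordinary process-creation telemetry. The following detection sketch is an added example, not SafeBreach's code or anything from the article: it classifies constructed process-creation records against those three signals. The "placeholder-snip" scheme stands in for the Snipping Tool's real URI scheme, which the article does not name, and the image names, paths and port 9222 in the sample events are made up for the example.

```python
"""Added detection sketch (not SafeBreach's code): flag process-creation
records that carry the signals described in the article above."""
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import parse_qs, quote, urlsplit


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation record, the fields a Sysmon Event ID 1 or a
    Security 4688 event would supply."""
    pid: int
    image: str
    command_line: str


REMOTE_DEBUG_SWITCH = "--remote-debugging-port"
# Low-integrity processes can write here; the article notes that interpreted
# files placed in LocalLow could be run through file:// URIs.
LOCALLOW_MARKER = "\\appdata\\locallow\\"


def has_remote_debug_switch(cmdline: str) -> bool:
    """True when the Chromium switch appears as its own argument. Chromium-based
    desktop apps (the article names Teams) open a DevTools Protocol listener
    when launched this way, something an end user never needs."""
    return any(tok.lower().startswith(REMOTE_DEBUG_SWITCH) for tok in cmdline.split())


def uri_tokens(cmdline: str) -> List[str]:
    """Command-line tokens that look like URIs. A one-letter scheme is a
    Windows drive letter (C:\\...), not a URI, so it is skipped."""
    found = []
    for raw in cmdline.split():
        token = raw.strip('"')
        if len(urlsplit(token).scheme) > 1:
            found.append(token)
    return found


def redirect_targets(cmdline: str) -> List[str]:
    """Decoded redirect-uri= values carried by any URI on the command line: the
    hand-off the article describes from the Snipping Tool to a second
    registered URI handler."""
    targets = []
    for uri in uri_tokens(cmdline):
        targets.extend(parse_qs(urlsplit(uri).query).get("redirect-uri", []))
    return targets


def runs_from_locallow(cmdline: str) -> bool:
    """True when the command line references a path under AppData\\LocalLow."""
    return LOCALLOW_MARKER in cmdline.lower()


def classify(event: ProcessEvent) -> List[str]:
    """Names of the rules an event trips, in a fixed order."""
    findings = []
    if has_remote_debug_switch(event.command_line):
        findings.append("remote-debugging-switch")
    for target in redirect_targets(event.command_line):
        findings.append("uri-redirect")
        if has_remote_debug_switch(target):
            findings.append("redirect-carries-remote-debugging")
    if runs_from_locallow(event.command_line):
        findings.append("exec-from-locallow")
    return findings


def detect(events: List[ProcessEvent]) -> Dict[int, List[str]]:
    """Map pid -> findings for every event that tripped at least one rule."""
    hits = {}
    for event in events:
        findings = classify(event)
        if findings:
            hits[event.pid] = findings
    return hits


# Constructed sample events. "placeholder-snip" stands in for the Snipping
# Tool's real URI scheme, which the article does not name; image names,
# paths and port 9222 are made up for this example.
NESTED_URI = quote("ms-teams:launch --remote-debugging-port=9222", safe="")
SAMPLE_EVENTS = [
    ProcessEvent(101, "chrome.exe", '"C:\\Program Files\\chrome.exe" https://example.com/'),
    ProcessEvent(102, "notepad.exe", "notepad.exe C:\\Users\\alice\\notes.txt"),
    ProcessEvent(103, "SnippingTool.exe",
                 f'SnippingTool.exe "placeholder-snip://discover?redirect-uri={NESTED_URI}"'),
    ProcessEvent(104, "ms-teams.exe", "ms-teams.exe --remote-debugging-port=9222"),
    ProcessEvent(105, "python.exe",
                 "python.exe C:\\Users\\alice\\AppData\\LocalLow\\stage.py"),
]

if __name__ == "__main__":
    for pid, findings in detect(SAMPLE_EVENTS).items():
        print(pid, ", ".join(findings))
```

The redirect-uri rule decodes the nested target and re-applies the remote-debugging check to it, so the switch is caught whether it is passed to the Chromium app directly (event 104) or smuggled inside an encoded URI that another handler will unpack (event 103). Matching the switch only as a standalone argument keeps percent-encoded substrings in the outer command line from double-counting.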

The Complexity of the Exploit

This comprehensive exploit chain traversed several Windows subsystems that are seldom analyzed together, including COM activation, app identity handling, toast notifications, URI handlers, Snipping Tool, and Chromium remote debugging. Individually, these elements would not typically be recognized as a clear path for sandbox escape; however, when combined, they yielded a viable route beyond the low-integrity boundary.

The attack relied solely on applications and services that are standard within a typical Windows 11 installation. SafeBreach Labs posited that this characteristic complicates defensive detection, as the activity may resemble normal operating system behavior rather than the execution of foreign binaries.

The vulnerability has been assigned a CVSS score of 7.8. Following the disclosure of their findings to Microsoft, the issue was rectified in October 2025.

SafeBreach Labs framed their discovery as a crucial reminder that operating system security can be compromised through interactions among trusted components, rather than solely through overt flaws. “This research highlights the risks associated with the current trend of integrating numerous complex applications into an operating system. Each dependency and application included with your product—whether it be an operating system, an application, or a website—expands the attack surface and warrants thorough review,” stated SafeBreach Labs.
