CVE-2025-11964: CWE-787 Out-of-bounds Write in The Tcpdump Group libpcap
CVE-2025-11964 is a low-severity out-of-bounds write vulnerability in libpcap version 1.10.0 on Windows systems. It occurs when converting Windows error messages containing characters that UTF-8 encodes in 4 bytes, causing the function utf_16le_to_utf_8_truncated() to write beyond the allocated buffer. Exploitation requires local access with high privileges, with no user interaction needed. The vulnerability impacts integrity but not confidentiality or availability. No known exploits exist in the wild, and no patches have been published yet. European organizations using libpcap on Windows, especially in network monitoring or security appliances, should be aware but face limited risk due to the low severity and exploitation complexity. Mitigation involves monitoring for updates from The Tcpdump Group and restricting privileged access to vulnerable systems. Countries with significant IT infrastructure and high usage of Windows-based network tools, such as Germany, France, and the UK, are more likely to be affected.
AI Analysis
Technical Summary
CVE-2025-11964 is an out-of-bounds write vulnerability classified under CWE-787, affecting libpcap version 1.10.0 on Windows platforms. Libpcap is a widely used packet capture library integral to many network monitoring and security tools. The vulnerability arises specifically during the conversion of Windows error messages to UTF-8 encoding. When the error message contains characters that UTF-8 encodes using 4 bytes, the function utf_16le_to_utf_8_truncated() may write data beyond the end of the allocated buffer. This buffer overflow can corrupt adjacent memory, potentially leading to integrity issues such as data corruption or application crashes. The vulnerability requires local access with high privileges (PR:H) and has a high attack complexity (AC:H), meaning exploitation is difficult and unlikely to be automated. No user interaction is required, and the scope is unchanged (S:U). The CVSS v3.1 base score is 1.9, reflecting the low impact on confidentiality and availability, with limited integrity impact. No known exploits have been reported in the wild, and no patches have been released at the time of publication. This vulnerability is specific to Windows due to the handling of Windows error messages and UTF-8 conversion logic.
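The conversion step described above is where a bounds check has to account for the longest UTF-8 form. The following is an added illustration, not libpcap's code and not a reconstruction of the affected routine: a hypothetical bounded UTF-16LE to UTF-8 converter that computes the full encoded length of each code point (1 to 4 bytes) before writing, so a surrogate pair that expands to a 4-byte sequence is either written whole or dropped at the truncation point. The function name utf16le_to_utf8_bounded and the sample input are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not libpcap's code: a bounds-checked UTF-16LE -> UTF-8
 * converter of the kind an error-message path needs. `in` is a
 * NUL-terminated UTF-16LE byte string; `out` receives UTF-8 and is always
 * NUL-terminated; `outsize` is the full capacity of `out` in bytes.
 * Output is truncated at a code-point boundary rather than overrun.
 * Returns the number of UTF-8 bytes written, excluding the NUL. */
size_t utf16le_to_utf8_bounded(const uint8_t *in, char *out, size_t outsize)
{
    size_t o = 0;

    if (outsize == 0)
        return 0;

    for (;;) {
        uint32_t cp = (uint32_t)in[0] | ((uint32_t)in[1] << 8);
        size_t need;

        if (cp == 0)
            break;
        in += 2;

        if (cp >= 0xD800 && cp <= 0xDBFF) {
            /* High surrogate: combine with the following low surrogate. */
            uint32_t lo = (uint32_t)in[0] | ((uint32_t)in[1] << 8);
            if (lo >= 0xDC00 && lo <= 0xDFFF) {
                cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
                in += 2;
            } else {
                cp = 0xFFFD; /* unpaired surrogate -> U+FFFD */
            }
        } else if (cp >= 0xDC00 && cp <= 0xDFFF) {
            cp = 0xFFFD;
        }

        /* Code points above U+FFFF (from surrogate pairs) need four
         * bytes; a bound that assumes at most three per character
         * would be overrun here. */
        need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;

        /* Check the whole sequence plus the terminating NUL before writing. */
        if (o + need + 1 > outsize)
            break;

        switch (need) {
        case 1:
            out[o] = (char)cp;
            break;
        case 2:
            out[o]     = (char)(0xC0 | (cp >> 6));
            out[o + 1] = (char)(0x80 | (cp & 0x3F));
            break;
        case 3:
            out[o]     = (char)(0xE0 | (cp >> 12));
            out[o + 1] = (char)(0x80 | ((cp >> 6) & 0x3F));
            out[o + 2] = (char)(0x80 | (cp & 0x3F));
            break;
        default:
            out[o]     = (char)(0xF0 | (cp >> 18));
            out[o + 1] = (char)(0x80 | ((cp >> 12) & 0x3F));
            out[o + 2] = (char)(0x80 | ((cp >> 6) & 0x3F));
            out[o + 3] = (char)(0x80 | (cp & 0x3F));
            break;
        }
        o += need;
    }
    out[o] = '\0';
    return o;
}

/* Constructed sample: "A" followed by U+1F600 (a surrogate pair in UTF-16LE,
 * a 4-byte sequence in UTF-8), then the UTF-16 NUL terminator. */
static const uint8_t SAMPLE_UTF16LE[] = {
    0x41, 0x00,             /* 'A' */
    0x3D, 0xD8, 0x00, 0xDE, /* U+1F600 as D83D DE00 */
    0x00, 0x00              /* terminator */
};

/* Full conversion into an ample buffer: expect 41 F0 9F 98 80, length 5. */
int check_full_conversion(void)
{
    static const char expect[] = "A\xF0\x9F\x98\x80";
    char out[16];
    size_t n = utf16le_to_utf8_bounded(SAMPLE_UTF16LE, out, sizeof out);
    return n == 5 && memcmp(out, expect, 6) == 0;
}

/* Truncation: a 4-byte buffer holds 'A' + NUL but not the 4-byte sequence.
 * The converter must stop after 'A' and leave the canary bytes that follow
 * the buffer untouched. */
int check_truncation_is_bounded(void)
{
    struct { char buf[4]; unsigned char canary[4]; } region;
    size_t n;
    int canary_ok;

    memset(&region, 0xAA, sizeof region);
    n = utf16le_to_utf8_bounded(SAMPLE_UTF16LE, region.buf, sizeof region.buf);
    canary_ok = region.canary[0] == 0xAA && region.canary[1] == 0xAA
             && region.canary[2] == 0xAA && region.canary[3] == 0xAA;
    return n == 1 && region.buf[0] == 'A' && region.buf[1] == '\0' && canary_ok;
}
```

The two check functions are the property a reviewer would want from any truncating converter: a 4-byte sequence is emitted correctly when it fits, and when it does not fit the output stops at the previous code point and nothing is written past `outsize`.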
Potential Impact
For European organizations, the impact of CVE-2025-11964 is limited due to its low severity and exploitation requirements. The vulnerability could cause integrity issues in applications relying on libpcap for packet capture on Windows, potentially leading to application instability or data corruption. However, since exploitation requires local privileged access, the risk of remote compromise is minimal. Organizations using Windows-based network monitoring tools or security appliances that embed libpcap version 1.10.0 could experience disruptions if the vulnerability is triggered. The absence of known exploits reduces immediate risk, but the potential for targeted attacks in high-security environments exists. The impact on confidentiality and availability is negligible, so critical infrastructure and sensitive data are unlikely to be directly compromised through this vulnerability alone.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Inventory and identify all Windows systems running libpcap version 1.10.0, particularly those used for network monitoring or security analysis.
2) Restrict local administrative and privileged access to these systems to minimize the risk of exploitation.
3) Monitor official channels from The Tcpdump Group for patches or updates addressing this vulnerability and apply them promptly once available.
4) Employ application whitelisting and endpoint protection to detect anomalous behavior that could indicate exploitation attempts.
5) Conduct regular security audits and vulnerability scans focusing on local privilege escalation vectors.
6) Consider isolating or sandboxing network capture tools to limit the impact of potential memory corruption.
7) Educate system administrators about the vulnerability and the importance of minimizing privileged access on affected systems.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Tcpdump
- Date Reserved: 2025-10-20T14:43:15.180Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69547c56db813ff03e760a65
Added to database: 12/31/2025, 1:28:54 AM
Last enriched: 12/31/2025, 1:44:05 AM
Last updated: 12/31/2025, 4:07:37 AM
Related Threats
- CVE-2025-15372: Cross Site Scripting in youlaitech vue3-element-admin (Medium)
- CVE-2025-15223: Cross Site Scripting in Philipinho Simple-PHP-Blog (Medium)
- CVE-2025-68131: CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer in agronholm cbor2 (Medium)
- CVE-2025-15371: Hard-coded Credentials in Tenda i24 (High)
- CVE-2025-11961: CWE-126 Buffer Over-read in The Tcpdump Group libpcap (Low)