CVE-2025-27735 is a vulnerability classified under CWE-345 (Insufficient Verification of Data Authenticity) affecting Microsoft Windows 10 Version 1507 (build 10240). The flaw resides in the Windows Virtualization-Based Security (VBS) Enclave, a security feature designed to isolate sensitive processes and data from the rest of the operating system. Due to insufficient verification of data authenticity within the enclave, an attacker who already has local authorized access with high privileges can bypass certain security mechanisms. This bypass could allow the attacker to escalate privileges further or access protected data that should be isolated by the VBS enclave. The CVSS v3.1 score is 6.0 (medium), reflecting that the attack vector is local (AV:L), requires low attack complexity (AC:L), but needs high privileges (PR:H) and no user interaction (UI:N). The impact affects confidentiality and integrity but not availability. The vulnerability is currently not known to be exploited in the wild, and no patches have been released yet. Since Windows 10 Version 1507 is the initial release from 2015, it is largely out of mainstream support, meaning many systems should have been upgraded, but some legacy or specialized environments may still run this version. The vulnerability highlights the risks of running outdated OS versions with legacy security features that have since been improved in later updates.

For European organizations, the primary impact is the potential for local privilege escalation and bypass of critical security features within the Windows VBS enclave, which protects sensitive processes and data. This could lead to unauthorized access to confidential information or manipulation of system integrity, especially in environments relying on VBS for enhanced security. Although the vulnerability does not affect availability, the compromise of confidentiality and integrity can have severe consequences in sectors such as finance, healthcare, government, and critical infrastructure. Organizations still running Windows 10 Version 1507, particularly in legacy systems or isolated networks, are at risk. The lack of known exploits reduces immediate threat but does not eliminate the risk of future exploitation. The medium severity rating suggests that while the vulnerability is serious, it is not trivial to exploit without existing high privileges, limiting the scope to insider threats or attackers who have already gained some level of system access.

1. Upgrade all systems running Windows 10 Version 1507 to the latest supported Windows 10 or Windows 11 versions where VBS and related security features have been enhanced and this vulnerability addressed. 2. Restrict local administrative privileges strictly to trusted personnel and use least privilege principles to reduce the risk of local exploitation. 3. Employ endpoint detection and response (EDR) solutions to monitor for suspicious local privilege escalation attempts or unusual access patterns to VBS enclaves. 4. Isolate legacy systems running outdated OS versions from critical networks and sensitive data environments to limit potential impact. 5. Regularly audit and inventory all Windows versions in use to identify and remediate unsupported or vulnerable systems. 6. Apply any future patches or security updates from Microsoft promptly once available. 7. Consider using hardware-based security features such as TPM and secure boot to complement VBS protections.