CVE-2025-29819 is a vulnerability categorized under CWE-73 (External Control of File Name or Path) affecting Microsoft Windows Admin Center version 1809.0. The flaw allows an attacker without privileges or user interaction to manipulate file names or paths externally, resulting in unauthorized local information disclosure. Specifically, the vulnerability arises because the Windows Admin Center improperly validates or sanitizes file path inputs, enabling attackers to specify arbitrary file paths. This can lead to disclosure of sensitive files or configuration data stored on the local system where the Windows Admin Center is installed. The CVSS 3.1 base score is 6.2, reflecting a medium severity level, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality (C:H) but no impact on integrity or availability. The vulnerability was published on April 8, 2025, with no known exploits in the wild and no patches currently available. Given Windows Admin Center's role as a centralized management tool for Windows servers and infrastructure, exploitation could expose sensitive operational data, configuration files, or credentials stored locally, potentially aiding further attacks or reconnaissance. The vulnerability does not allow remote exploitation directly but requires local access or an attacker to have some foothold on the system. The lack of authentication requirements lowers the barrier for exploitation once local access is obtained.

For European organizations, especially those relying on Windows Admin Center 1809.0 for managing server infrastructure, this vulnerability poses a significant risk to confidentiality. Disclosure of sensitive configuration files or operational data could facilitate lateral movement, privilege escalation, or targeted attacks on critical systems. Sectors such as finance, healthcare, government, and critical infrastructure operators are particularly vulnerable due to the sensitive nature of their managed environments. The local attack vector means that attackers need some level of access, but the absence of required privileges or user interaction increases the risk from insider threats or attackers who have compromised less privileged accounts. The vulnerability does not impact system integrity or availability directly but can be a stepping stone for more damaging attacks. Given the widespread use of Microsoft management tools in Europe, the potential scope is broad, and the impact could be severe if exploited in sensitive environments.

1. Restrict access to Windows Admin Center installations strictly to trusted administrators and secure network segments to minimize local access opportunities. 2. Implement robust monitoring and logging of file access and Windows Admin Center activities to detect anomalous file path requests or unauthorized access attempts. 3. Apply the principle of least privilege to all accounts interacting with Windows Admin Center to limit potential exploitation scope. 4. Regularly audit and review configuration files and sensitive data stored locally to identify any unauthorized access or changes. 5. Stay alert for official patches or updates from Microsoft addressing CVE-2025-29819 and apply them promptly once available. 6. Consider deploying application whitelisting or endpoint detection and response (EDR) solutions to detect exploitation attempts. 7. Educate administrators about the risks of local file path manipulation and enforce secure operational procedures when using Windows Admin Center.