CVE-2025-29839 is a medium-severity vulnerability identified as an out-of-bounds read (CWE-125) in Microsoft Windows 10 Version 1809, specifically affecting the Windows File Server component. An out-of-bounds read occurs when a program reads data outside the bounds of allocated memory, which can lead to disclosure of sensitive information from adjacent memory locations. This vulnerability allows an unauthorized local attacker to read memory contents that should not be accessible, potentially leaking sensitive information stored in memory. The vulnerability does not require any privileges or user interaction, making it easier for an attacker with local access to exploit. However, it is limited to local access only (Attack Vector: Local), meaning remote exploitation is not feasible without prior access. The CVSS v3.1 base score is 4.0, indicating a medium severity primarily due to the limited scope and impact: only confidentiality is affected, with no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The affected version is Windows 10 Version 1809 (build 10.0.17763.0), which is an older release of Windows 10, often still in use in legacy systems or environments where upgrades have been delayed. The vulnerability could allow attackers to gain access to sensitive information such as credentials, cryptographic keys, or other data residing in memory buffers related to the Windows File Server service, potentially aiding further attacks or privilege escalation if combined with other vulnerabilities.

For European organizations, this vulnerability poses a risk primarily to environments still running Windows 10 Version 1809, especially those utilizing Windows File Server functionality. Information disclosure vulnerabilities can lead to leakage of sensitive corporate data, user credentials, or internal system details, which can be leveraged by attackers for lateral movement or privilege escalation. Although the attack requires local access, insider threats or attackers who have already compromised a low-privilege account could exploit this vulnerability to escalate their knowledge of the environment. Organizations in sectors with strict data protection regulations such as finance, healthcare, and government could face compliance risks if sensitive data is exposed. Additionally, legacy systems in industrial control or critical infrastructure sectors that have not been updated may be particularly vulnerable. The limited scope and medium severity reduce the immediate risk for most organizations that have upgraded beyond Windows 10 Version 1809, but those with legacy deployments should prioritize remediation to avoid potential information leakage.

1. Upgrade affected systems: The most effective mitigation is to upgrade Windows 10 Version 1809 systems to a more recent, supported version of Windows 10 or Windows 11 where this vulnerability is not present. 2. Restrict local access: Limit local access to Windows File Server systems by enforcing strict access controls, using network segmentation, and applying the principle of least privilege to reduce the risk of unauthorized local exploitation. 3. Monitor and audit: Implement enhanced monitoring and auditing of local access to file servers to detect unusual or unauthorized activity that could indicate exploitation attempts. 4. Apply vendor patches: Although no patch links are currently provided, organizations should monitor Microsoft security advisories and apply any available patches promptly once released. 5. Use endpoint protection: Deploy endpoint detection and response (EDR) solutions capable of detecting anomalous memory access patterns or suspicious local activity related to file server processes. 6. Harden file server configurations: Disable or restrict unnecessary file sharing services and protocols on Windows File Server to reduce the attack surface. 7. Educate users: Train users and administrators on the risks of local access vulnerabilities and the importance of maintaining updated systems and secure configurations.