CVE-2025-47973 is a buffer over-read vulnerability classified under CWE-126, affecting the Virtual Hard Disk (VHDX) functionality in Microsoft Windows 10 Version 1507 (build 10.0.10240.0). The vulnerability arises from improper bounds checking when processing VHDX files, which can lead to reading memory beyond the intended buffer. This flaw can be exploited by a local attacker who does not have privileges but requires user interaction, such as convincing a user to open or mount a maliciously crafted VHDX file. Successful exploitation results in elevation of privileges, granting the attacker higher system rights, potentially SYSTEM-level access. The CVSS v3.1 base score is 7.8, indicating a high severity with high impact on confidentiality, integrity, and availability. The attack vector is local (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), but user interaction is required (UI:R). The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component. No known exploits are currently reported in the wild, and no patches have been linked yet, suggesting this is a recently disclosed vulnerability. The vulnerability affects only the initial release of Windows 10, which may limit the affected population but still poses a risk to legacy systems. The vulnerability could be leveraged to bypass security controls, execute arbitrary code with elevated privileges, and compromise system integrity and confidentiality.

For European organizations, this vulnerability poses a significant risk primarily to legacy systems still running Windows 10 Version 1507, which may be found in industrial control systems, government agencies, or enterprises with delayed upgrade cycles. Exploitation could lead to unauthorized privilege escalation, enabling attackers to execute arbitrary code, access sensitive data, or disrupt critical services. This could result in data breaches, operational downtime, and loss of trust. The impact is especially critical for sectors with stringent data protection requirements such as finance, healthcare, and public administration. Additionally, the requirement for user interaction means phishing or social engineering could be used to trigger exploitation, increasing the attack surface. The lack of known exploits in the wild provides a window for proactive mitigation, but the high severity score demands urgent attention. Organizations relying on virtualization or VHDX files for backup, testing, or deployment should be particularly vigilant.

1. Immediately identify and inventory all systems running Windows 10 Version 1507 within the organization. 2. Prioritize upgrading these systems to a supported and patched version of Windows 10 or later, as this version is outdated and unsupported. 3. Until upgrades are complete, restrict user permissions to prevent unauthorized mounting or opening of VHDX files. 4. Implement strict access controls and monitoring on directories and shares where VHDX files are stored to detect and prevent unauthorized modifications or usage. 5. Educate users about the risks of opening untrusted VHDX files and implement policies to limit user interaction with unknown virtual disk files. 6. Monitor local system logs and security events for unusual activity related to VHDX handling or privilege escalation attempts. 7. Apply any interim security advisories or workarounds released by Microsoft as they become available. 8. Employ endpoint detection and response (EDR) tools capable of detecting suspicious local privilege escalation behaviors. 9. Review and harden virtualization and backup processes that utilize VHDX files to minimize exposure. 10. Maintain up-to-date backups and incident response plans to quickly recover from potential exploitation.