Skip to main content

CVE-2025-47980: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Microsoft Windows 10 Version 1809

Medium
VulnerabilityCVE-2025-47980cvecve-2025-47980cwe-200
Published: Tue Jul 08 2025 (07/08/2025, 16:57:30 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

AI-Powered Analysis

AILast updated: 08/19/2025, 00:39:38 UTC

Technical Analysis

CVE-2025-47980 is a vulnerability identified in the Windows Imaging Component (WIC) of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). This vulnerability is classified under CWE-200, which involves the exposure of sensitive information to unauthorized actors. Specifically, the flaw allows an attacker with local access to the affected system to disclose sensitive information without requiring any privileges, user interaction, or authentication. The vulnerability arises due to improper handling of sensitive data within the Windows Imaging Component, a core system library responsible for image processing and rendering. Exploitation of this vulnerability does not affect system integrity or availability but results in a confidentiality breach, potentially leaking sensitive data stored or processed by WIC. The CVSS v3.1 base score is 6.2 (medium severity), reflecting the local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact is high on confidentiality (C:H), with no impact on integrity or availability. No known exploits are currently reported in the wild, and no official patches have been linked yet, indicating that mitigation may rely on vendor updates or workarounds once available. Given the affected product is Windows 10 Version 1809, which is an older release, many organizations may have already migrated to newer versions, but legacy systems remain at risk. The vulnerability's local nature limits remote exploitation but still poses a risk in environments where untrusted users have local access or where malware can execute code locally to extract sensitive information.

Potential Impact

For European organizations, the primary impact of CVE-2025-47980 is the potential unauthorized disclosure of sensitive information on systems running Windows 10 Version 1809. This can lead to data breaches involving confidential corporate data, personal information, or intellectual property. Although the vulnerability does not allow remote exploitation or system compromise, insider threats, compromised endpoints, or malware with local execution capabilities could leverage this flaw to escalate information gathering. Industries with strict data protection requirements, such as finance, healthcare, and government sectors, are particularly vulnerable to the confidentiality breach risks posed by this vulnerability. Additionally, organizations bound by GDPR must consider the implications of unauthorized data exposure, which could lead to regulatory penalties and reputational damage. Since Windows 10 Version 1809 is an older release, organizations still using this version, especially in legacy or specialized environments, face increased risk. The lack of known exploits in the wild reduces immediate threat levels but does not eliminate the risk of future exploitation once proof-of-concept code becomes available.

Mitigation Recommendations

1. Upgrade and Patch: The most effective mitigation is to upgrade affected systems to a supported and updated version of Windows 10 or later, as Windows 10 Version 1809 is out of mainstream support. Monitor Microsoft security advisories for patches addressing CVE-2025-47980 and apply them promptly once released. 2. Limit Local Access: Restrict local access to systems running the affected Windows version. Implement strict access controls, ensuring only trusted users have physical or remote desktop access. 3. Endpoint Security: Deploy endpoint detection and response (EDR) solutions to monitor for suspicious local activities that could indicate exploitation attempts. 4. Network Segmentation: Isolate legacy systems running Windows 10 Version 1809 from critical network segments to reduce the risk of lateral movement by attackers. 5. Application Whitelisting: Use application control policies to prevent unauthorized code execution that could exploit this vulnerability locally. 6. Audit and Monitoring: Enable detailed logging and monitor for unusual access patterns or data exfiltration attempts on affected systems. 7. User Awareness: Educate users about the risks of local exploitation and the importance of not executing untrusted code or opening suspicious files on legacy systems.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2025-05-14T14:44:20.083Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 686d50d36f40f0eb72f91b0e

Added to database: 7/8/2025, 5:09:39 PM

Last enriched: 8/19/2025, 12:39:38 AM

Last updated: 8/19/2025, 12:39:38 AM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats