CVE-2025-47980: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Microsoft Windows 10 Version 1809
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
AI Analysis
Technical Summary
CVE-2025-47980 is a vulnerability identified in the Windows Imaging Component (WIC) of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). This vulnerability is classified under CWE-200, which pertains to the exposure of sensitive information to unauthorized actors. Specifically, the flaw allows an attacker with local access to the affected system to disclose sensitive information without requiring any privileges, user interaction, or authentication. The vulnerability arises from improper handling or protection of sensitive data within the Windows Imaging Component, a system component responsible for image processing and rendering. Exploitation of this vulnerability does not impact system integrity or availability but can lead to confidentiality breaches by exposing sensitive data to unauthorized local users. The CVSS v3.1 base score is 6.2, indicating a medium severity level. The attack vector is local (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The scope remains unchanged (S:U), and the impact is high on confidentiality (C:H) but none on integrity (I:N) or availability (A:N). No known exploits are currently reported in the wild, and no patches or mitigation links have been provided at this time. The vulnerability was reserved in May 2025 and published in July 2025.
Potential Impact
For European organizations, the primary impact of CVE-2025-47980 lies in the potential unauthorized disclosure of sensitive information on systems running Windows 10 Version 1809. Since the vulnerability requires local access, the risk is higher in environments where multiple users share systems or where endpoint security controls are weak. Confidential data processed or stored on affected systems could be exposed to unauthorized users, potentially leading to data breaches, compliance violations (e.g., GDPR), and loss of intellectual property. Although the vulnerability does not allow remote exploitation or system compromise, insider threats or attackers who gain physical or remote desktop access could leverage this flaw to extract sensitive information. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, may face increased regulatory scrutiny and reputational damage if sensitive data is disclosed. The lack of a patch at present necessitates heightened vigilance and compensating controls to minimize exposure.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement specific mitigations to reduce risk from CVE-2025-47980. First, restrict local access to systems running Windows 10 Version 1809 by enforcing strict access controls, including limiting user accounts with local login privileges and employing strong authentication mechanisms. Deploy endpoint detection and response (EDR) solutions to monitor for suspicious local activity indicative of exploitation attempts. Consider upgrading affected systems to a newer, supported Windows version where this vulnerability is not present or has been patched. Employ application whitelisting and privilege management to prevent unauthorized code execution or escalation that could facilitate exploitation. Regularly audit and monitor file and process access related to the Windows Imaging Component to detect anomalous behavior. Additionally, educate users about the risks of sharing credentials or allowing untrusted individuals physical or remote access to their devices. Finally, maintain an inventory of affected systems to prioritize remediation efforts once a patch becomes available.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
CVE-2025-47980: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Microsoft Windows 10 Version 1809
Description
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
AI-Powered Analysis
Technical Analysis
CVE-2025-47980 is a vulnerability identified in the Windows Imaging Component (WIC) of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). This vulnerability is classified under CWE-200, which pertains to the exposure of sensitive information to unauthorized actors. Specifically, the flaw allows an attacker with local access to the affected system to disclose sensitive information without requiring any privileges, user interaction, or authentication. The vulnerability arises from improper handling or protection of sensitive data within the Windows Imaging Component, a system component responsible for image processing and rendering. Exploitation of this vulnerability does not impact system integrity or availability but can lead to confidentiality breaches by exposing sensitive data to unauthorized local users. The CVSS v3.1 base score is 6.2, indicating a medium severity level. The attack vector is local (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The scope remains unchanged (S:U), and the impact is high on confidentiality (C:H) but none on integrity (I:N) or availability (A:N). No known exploits are currently reported in the wild, and no patches or mitigation links have been provided at this time. The vulnerability was reserved in May 2025 and published in July 2025.
Potential Impact
For European organizations, the primary impact of CVE-2025-47980 lies in the potential unauthorized disclosure of sensitive information on systems running Windows 10 Version 1809. Since the vulnerability requires local access, the risk is higher in environments where multiple users share systems or where endpoint security controls are weak. Confidential data processed or stored on affected systems could be exposed to unauthorized users, potentially leading to data breaches, compliance violations (e.g., GDPR), and loss of intellectual property. Although the vulnerability does not allow remote exploitation or system compromise, insider threats or attackers who gain physical or remote desktop access could leverage this flaw to extract sensitive information. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, may face increased regulatory scrutiny and reputational damage if sensitive data is disclosed. The lack of a patch at present necessitates heightened vigilance and compensating controls to minimize exposure.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement specific mitigations to reduce risk from CVE-2025-47980. First, restrict local access to systems running Windows 10 Version 1809 by enforcing strict access controls, including limiting user accounts with local login privileges and employing strong authentication mechanisms. Deploy endpoint detection and response (EDR) solutions to monitor for suspicious local activity indicative of exploitation attempts. Consider upgrading affected systems to a newer, supported Windows version where this vulnerability is not present or has been patched. Employ application whitelisting and privilege management to prevent unauthorized code execution or escalation that could facilitate exploitation. Regularly audit and monitor file and process access related to the Windows Imaging Component to detect anomalous behavior. Additionally, educate users about the risks of sharing credentials or allowing untrusted individuals physical or remote access to their devices. Finally, maintain an inventory of affected systems to prioritize remediation efforts once a patch becomes available.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- microsoft
- Date Reserved
- 2025-05-14T14:44:20.083Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 686d50d36f40f0eb72f91b0e
Added to database: 7/8/2025, 5:09:39 PM
Last enriched: 8/7/2025, 12:46:14 AM
Last updated: 8/18/2025, 1:22:21 AM
Views: 15
Related Threats
CVE-2025-41242: Vulnerability in VMware Spring Framework
MediumCVE-2025-47206: CWE-787 in QNAP Systems Inc. File Station 5
HighCVE-2025-5296: CWE-59 Improper Link Resolution Before File Access ('Link Following') in Schneider Electric SESU
HighCVE-2025-6625: CWE-20 Improper Input Validation in Schneider Electric Modicon M340
HighCVE-2025-57703: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Delta Electronics DIAEnergie
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.