CVE-2025-47980 is a medium-severity vulnerability identified in the Windows Imaging Component (WIC) of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). This vulnerability is classified under CWE-200, which involves the exposure of sensitive information to unauthorized actors. Specifically, the flaw allows a local attacker to disclose sensitive information without requiring any privileges or user interaction. The vulnerability arises from improper handling of sensitive data within the Windows Imaging Component, which is responsible for processing image files and metadata. An attacker with local access to the affected system can exploit this vulnerability to gain unauthorized access to sensitive information stored or processed by WIC. The CVSS 3.1 base score is 6.2, indicating a medium severity level. The vector string (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C) indicates that the attack requires local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), no user interaction (UI:N), unchanged scope (S:U), and results in high confidentiality impact (C:H) but no impact on integrity or availability. There are no known exploits in the wild at the time of publication, and no patches have been linked yet. This vulnerability is significant because it allows unauthorized disclosure of sensitive information purely through local access, which could be leveraged in multi-user environments or by malicious insiders. Given that Windows 10 Version 1809 is an older release, systems still running this version may be at increased risk if not updated or mitigated.

For European organizations, the exposure of sensitive information due to this vulnerability could lead to significant confidentiality breaches, especially in environments where multiple users have local access to the same systems, such as shared workstations, terminal servers, or virtual desktop infrastructures. Sensitive data leakage could include personal data protected under GDPR, intellectual property, or credentials cached in memory or files processed by the Windows Imaging Component. This could result in regulatory penalties, reputational damage, and potential lateral movement by attackers within corporate networks. Since the vulnerability does not require privileges or user interaction, it lowers the barrier for exploitation by insiders or attackers who have gained limited local access. Organizations in sectors with strict data protection requirements, such as finance, healthcare, and government, are particularly at risk. The lack of a patch at the time of disclosure means that mitigation relies heavily on compensating controls. The impact is somewhat mitigated by the requirement for local access, limiting remote exploitation, but insider threats and compromised endpoints remain a concern.

1. Upgrade or Patch: Although no patch is currently linked, organizations should monitor Microsoft’s security advisories closely and apply any forthcoming updates promptly. 2. Limit Local Access: Restrict local access to systems running Windows 10 Version 1809 by enforcing strict access controls, using endpoint protection solutions, and disabling unnecessary local accounts. 3. Upgrade OS Versions: Plan and execute upgrades to supported and fully patched Windows versions, as Windows 10 Version 1809 is out of mainstream support and more vulnerable to exploitation. 4. Use Application Whitelisting: Employ application control policies to prevent unauthorized applications or scripts from running, reducing the risk of local exploitation. 5. Monitor and Audit: Implement robust logging and monitoring of local access and file operations related to imaging components to detect suspicious activities. 6. Network Segmentation: Isolate critical systems to limit lateral movement if local compromise occurs. 7. Data Encryption: Encrypt sensitive data at rest and in memory where possible to reduce the value of any disclosed information. 8. User Training: Educate users about the risks of local access vulnerabilities and insider threats to encourage vigilance.