CVE-2025-49658 is a medium-severity security vulnerability identified in Microsoft Windows 10 Version 1809, specifically in the TDX.sys driver component. The vulnerability is classified as an out-of-bounds read (CWE-125), which occurs when the software reads data beyond the boundaries of allocated memory buffers. This flaw allows an authorized local attacker—one with limited privileges (PR:L)—to read sensitive information from memory that should not be accessible, potentially leading to information disclosure. The vulnerability does not require user interaction (UI:N) and affects confidentiality (C:H) without impacting integrity or availability. The attack vector is local (AV:L), meaning the attacker must have local access to the system to exploit the flaw. The vulnerability scope is unchanged (S:U), indicating it affects resources within the same security scope. The CVSS v3.1 base score is 5.5, reflecting a medium severity level. No known exploits are currently reported in the wild, and no patches or mitigations have been officially released at the time of publication. The vulnerability resides in the TDX.sys driver, which is related to Trusted Domain Extensions or virtualization-based security features in Windows, suggesting that the flaw could expose sensitive kernel or hypervisor-related data to an attacker with local access. Since the affected version is Windows 10 Version 1809 (build 17763.0), which is an older release, many organizations may have already moved to newer versions, but legacy systems remain at risk.

For European organizations, the primary impact of CVE-2025-49658 is the potential unauthorized disclosure of sensitive information from affected Windows 10 Version 1809 systems. This could include confidential data residing in memory, such as cryptographic keys, credentials, or other sensitive process information. Although the vulnerability does not allow privilege escalation or system disruption, the leakage of sensitive data can facilitate further attacks, such as lateral movement or privilege escalation by adversaries. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and government, could face compliance risks if sensitive data is exposed. Additionally, since the vulnerability requires local access, insider threats or attackers who have already compromised lower-privileged accounts could leverage this flaw to escalate their knowledge of the system environment. The impact is mitigated somewhat by the requirement for local access and the absence of remote exploitation vectors, but legacy systems still represent a significant risk, especially in environments where Windows 10 Version 1809 remains in use due to compatibility or operational constraints.

To mitigate CVE-2025-49658, European organizations should prioritize upgrading affected systems from Windows 10 Version 1809 to a supported and patched version of Windows 10 or Windows 11, as newer versions are unlikely to contain this vulnerability. In environments where immediate upgrades are not feasible, organizations should implement strict access controls to limit local user privileges and restrict physical and remote access to affected machines. Employing endpoint detection and response (EDR) solutions can help monitor for suspicious local activity indicative of exploitation attempts. Additionally, organizations should audit and harden virtualization and Trusted Domain Extensions configurations, as the vulnerability resides in TDX.sys, a component related to virtualization security. Regularly reviewing and applying security updates from Microsoft as they become available is critical. Network segmentation and the principle of least privilege should be enforced to reduce the risk of an attacker gaining local access to vulnerable systems. Finally, organizations should maintain comprehensive logging and monitoring to detect potential information disclosure attempts.