CVE-2025-49664 is a medium-severity vulnerability identified in Microsoft Windows 10 Version 1809 (build 10.0.17763.0) specifically affecting the Windows User-Mode Driver Framework Host component. The vulnerability is categorized under CWE-200, which involves the exposure of sensitive information to unauthorized actors. In this case, an authorized attacker with local access and low privileges (PR:L) can exploit the vulnerability to disclose sensitive information without requiring any user interaction (UI:N). The attack vector is local (AV:L), meaning the attacker must have some level of access to the affected system. The vulnerability does not affect integrity or availability but has a high impact on confidentiality (C:H, I:N, A:N). The CVSS v3.1 base score is 5.5, reflecting a medium severity rating. The vulnerability is exploitable without user interaction and requires low privileges, which increases the risk in environments where multiple users have local access or where privilege escalation paths exist. No known exploits are currently reported in the wild, and no patches or mitigation links have been published yet. The vulnerability could allow attackers to access sensitive information from the User-Mode Driver Framework Host process, potentially exposing system or user data that should remain confidential. This could include driver-related information or other sensitive runtime data handled by this Windows component. Since the vulnerability requires local access, it is most relevant in scenarios where attackers have gained initial footholds or where insider threats exist. The lack of user interaction requirement means automated or scripted local attacks are feasible once access is obtained.

For European organizations, this vulnerability poses a risk primarily in environments where Windows 10 Version 1809 is still in use, especially in sectors with shared or multi-user systems such as corporate desktops, public access terminals, or industrial control systems using legacy Windows 10 installations. Exposure of sensitive information could lead to leakage of confidential business data, intellectual property, or personally identifiable information (PII), which could have regulatory and reputational consequences under GDPR and other data protection laws. The local attack vector limits remote exploitation but does not eliminate risk in cases of insider threats, compromised user accounts, or lateral movement by attackers within a network. Organizations with strict access controls and endpoint security may reduce risk, but those with legacy systems or insufficient segmentation could be vulnerable to data leaks. The vulnerability’s impact on confidentiality without affecting integrity or availability suggests attackers could silently gather information without detection, complicating incident response and forensic analysis. This could facilitate further attacks or data exfiltration. Given the medium severity and local access requirement, the threat is moderate but should not be ignored, especially in critical infrastructure, government, finance, and healthcare sectors prevalent in Europe, where sensitive data protection is paramount.

1. Upgrade and Patch: Although no patch links are currently available, organizations should monitor Microsoft’s official channels for updates addressing CVE-2025-49664 and apply them promptly once released. 2. Limit Local Access: Restrict local user accounts and enforce the principle of least privilege to minimize the number of users who can access vulnerable systems. 3. Endpoint Security Controls: Deploy endpoint detection and response (EDR) solutions capable of monitoring unusual local access or process behavior related to the User-Mode Driver Framework Host. 4. Network Segmentation: Isolate legacy Windows 10 Version 1809 systems from critical network segments to reduce the risk of lateral movement by attackers. 5. User Account Management: Implement strong authentication and session management policies to prevent unauthorized local access. 6. System Inventory and Upgrade Planning: Identify all systems running Windows 10 Version 1809 and plan upgrades to supported Windows versions with ongoing security updates. 7. Audit and Monitoring: Enable detailed logging of local access and driver framework activities to detect potential exploitation attempts. 8. Insider Threat Programs: Enhance monitoring and controls to detect and prevent malicious insider activities that could exploit this vulnerability.