Skip to main content

CVE-2025-49664: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Microsoft Windows 10 Version 1809

Medium
VulnerabilityCVE-2025-49664cvecve-2025-49664cwe-200
Published: Tue Jul 08 2025 (07/08/2025, 16:57:50 UTC)
Source: CVE Database V5
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

AI-Powered Analysis

AILast updated: 08/07/2025, 00:57:04 UTC

Technical Analysis

CVE-2025-49664 is a medium-severity vulnerability identified in Microsoft Windows 10 Version 1809, specifically affecting the Windows User-Mode Driver Framework Host component. The vulnerability is classified under CWE-200, which involves the exposure of sensitive information to unauthorized actors. In this case, an authorized attacker with local access and low privileges (PR:L) can exploit this vulnerability to disclose sensitive information from the system without requiring any user interaction (UI:N). The attack vector is local (AV:L), meaning the attacker must have some level of access to the affected machine. The vulnerability does not impact the integrity or availability of the system but compromises confidentiality (C:H), allowing the attacker to gain access to sensitive data that should otherwise be protected. The CVSS 3.1 base score is 5.5, reflecting a medium severity level. The vulnerability is exploitable with low complexity (AC:L) and does not require user interaction, which increases the risk if an attacker gains local access. However, there are no known exploits in the wild at the time of publication, and no patches have been linked yet. The affected version is Windows 10 build 17763.0, which corresponds to the 1809 release. This vulnerability could be leveraged in scenarios where an attacker has already gained limited access to a system, such as through phishing or insider threats, to escalate information disclosure capabilities. The exposure of sensitive information could include credentials, system configuration details, or other data that could facilitate further attacks or lateral movement within a network.

Potential Impact

For European organizations, this vulnerability poses a risk primarily in environments where Windows 10 Version 1809 is still in use, particularly in legacy systems or specialized industrial setups that have not been updated. The exposure of sensitive information can lead to data breaches, loss of intellectual property, or leakage of personal data protected under GDPR, potentially resulting in regulatory penalties and reputational damage. Since the vulnerability requires local access, the threat is more significant in scenarios where endpoint security is weak, or insider threats are a concern. Organizations in sectors with high compliance requirements, such as finance, healthcare, and critical infrastructure, could face increased risks if sensitive operational or customer data is exposed. The lack of known exploits reduces immediate risk, but the medium severity rating and ease of exploitation mean that attackers with local access could leverage this vulnerability to gain valuable information for further attacks. Additionally, the persistence of Windows 10 1809 in some European enterprises due to compatibility or operational constraints means that the vulnerability remains relevant.

Mitigation Recommendations

1. Immediate mitigation should include upgrading affected systems to a newer, supported version of Windows 10 or Windows 11 where this vulnerability is patched or not present. 2. Implement strict access controls and endpoint security measures to limit local access to authorized personnel only, reducing the risk of exploitation. 3. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor for unusual activities related to the User-Mode Driver Framework Host process. 4. Conduct regular audits of systems running Windows 10 Version 1809 to identify and isolate vulnerable machines. 5. Enforce the principle of least privilege to minimize the number of users with local access rights that could exploit this vulnerability. 6. Educate employees about the risks of local access exploitation and insider threats to reduce the likelihood of unauthorized access. 7. Monitor security advisories from Microsoft for the release of patches or workarounds and apply them promptly once available. 8. Consider network segmentation to limit the impact of compromised endpoints within the organizational network.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2025-06-09T17:28:52.663Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 686d50d56f40f0eb72f91bc3

Added to database: 7/8/2025, 5:09:41 PM

Last enriched: 8/7/2025, 12:57:04 AM

Last updated: 8/14/2025, 5:35:48 PM

Views: 14

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats