CVE-2025-49664 is a medium-severity vulnerability identified in Microsoft Windows 10 Version 1809, specifically affecting the Windows User-Mode Driver Framework Host component. The vulnerability is classified under CWE-200, which involves the exposure of sensitive information to unauthorized actors. In this case, an authorized attacker with local access and low privileges (PR:L) can exploit this vulnerability to disclose sensitive information from the system without requiring any user interaction (UI:N). The attack vector is local (AV:L), meaning the attacker must have some level of access to the affected machine. The vulnerability does not impact the integrity or availability of the system but compromises confidentiality (C:H), allowing the attacker to gain access to sensitive data that should otherwise be protected. The CVSS 3.1 base score is 5.5, reflecting a medium severity level. The vulnerability is exploitable with low complexity (AC:L) and does not require user interaction, which increases the risk if an attacker gains local access. However, there are no known exploits in the wild at the time of publication, and no patches have been linked yet. The affected version is Windows 10 build 17763.0, which corresponds to the 1809 release. This vulnerability could be leveraged in scenarios where an attacker has already gained limited access to a system, such as through phishing or insider threats, to escalate information disclosure capabilities. The exposure of sensitive information could include credentials, system configuration details, or other data that could facilitate further attacks or lateral movement within a network.

For European organizations, this vulnerability poses a risk primarily in environments where Windows 10 Version 1809 is still in use, particularly in legacy systems or specialized industrial setups that have not been updated. The exposure of sensitive information can lead to data breaches, loss of intellectual property, or leakage of personal data protected under GDPR, potentially resulting in regulatory penalties and reputational damage. Since the vulnerability requires local access, the threat is more significant in scenarios where endpoint security is weak, or insider threats are a concern. Organizations in sectors with high compliance requirements, such as finance, healthcare, and critical infrastructure, could face increased risks if sensitive operational or customer data is exposed. The lack of known exploits reduces immediate risk, but the medium severity rating and ease of exploitation mean that attackers with local access could leverage this vulnerability to gain valuable information for further attacks. Additionally, the persistence of Windows 10 1809 in some European enterprises due to compatibility or operational constraints means that the vulnerability remains relevant.

1. Immediate mitigation should include upgrading affected systems to a newer, supported version of Windows 10 or Windows 11 where this vulnerability is patched or not present. 2. Implement strict access controls and endpoint security measures to limit local access to authorized personnel only, reducing the risk of exploitation. 3. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor for unusual activities related to the User-Mode Driver Framework Host process. 4. Conduct regular audits of systems running Windows 10 Version 1809 to identify and isolate vulnerable machines. 5. Enforce the principle of least privilege to minimize the number of users with local access rights that could exploit this vulnerability. 6. Educate employees about the risks of local access exploitation and insider threats to reduce the likelihood of unauthorized access. 7. Monitor security advisories from Microsoft for the release of patches or workarounds and apply them promptly once available. 8. Consider network segmentation to limit the impact of compromised endpoints within the organizational network.