CVE-2025-49664 is a vulnerability identified in Microsoft Windows 10 Version 1809, specifically affecting the Windows User-Mode Driver Framework Host component. This vulnerability is classified under CWE-200, which pertains to the exposure of sensitive information to unauthorized actors. The flaw allows an attacker with local authorized access and low privileges (PR:L) to disclose sensitive information without requiring any user interaction (UI:N). The attack vector is local (AV:L), meaning the attacker must have access to the affected system. The vulnerability does not impact the integrity or availability of the system but compromises confidentiality by allowing unauthorized disclosure of sensitive data. The CVSS v3.1 base score is 5.5, indicating a medium severity level. The vulnerability is exploitable without elevated privileges but requires local access, which limits the attack surface to users or processes already present on the machine. No known exploits are currently reported in the wild, and no patches have been linked or published at this time. The exposure of sensitive information could involve data handled by the User-Mode Driver Framework Host, which manages user-mode drivers, potentially leaking driver-related data or system information that could aid further attacks or violate privacy requirements. Given the affected version is Windows 10 1809 (build 10.0.17763.0), which is an older release, organizations still running this version are at risk. The vulnerability's impact is primarily on confidentiality, with no direct effect on system integrity or availability.

For European organizations, the exposure of sensitive information due to this vulnerability could lead to unauthorized disclosure of confidential data, including potentially sensitive system or driver information. This could facilitate further targeted attacks or data breaches, especially in environments where Windows 10 Version 1809 is still in use, such as legacy systems or specialized industrial setups. The confidentiality breach could affect compliance with European data protection regulations like GDPR, which mandates strict controls over personal and sensitive data. Although the vulnerability requires local access, insider threats or compromised user accounts could exploit this flaw to escalate information disclosure. The lack of user interaction requirement increases the risk of automated or stealthy exploitation once local access is obtained. The medium severity rating suggests that while the vulnerability is not critical, it poses a meaningful risk to confidentiality that should be addressed promptly to prevent potential data leakage and regulatory consequences.

1. Upgrade affected systems to a more recent and supported version of Windows 10 or Windows 11 where this vulnerability is not present or has been patched. 2. Implement strict access controls and user privilege management to minimize the number of users with local access to systems running Windows 10 Version 1809. 3. Monitor and audit local user activities to detect any unauthorized attempts to access or extract sensitive information from the User-Mode Driver Framework Host. 4. Employ endpoint detection and response (EDR) solutions capable of identifying suspicious local processes or behaviors indicative of exploitation attempts. 5. Isolate legacy systems running Windows 10 Version 1809 from critical networks and sensitive data stores to reduce the impact of potential information disclosure. 6. Apply any available security updates or workarounds from Microsoft as soon as they are released, and subscribe to vendor advisories for timely information. 7. Conduct regular security awareness training emphasizing the risks of local privilege misuse and insider threats to reduce the likelihood of exploitation.