CVE-2025-49684 is a medium-severity vulnerability identified in Microsoft Windows 10 Version 1809 (build 10.0.17763.0). It is classified as a buffer over-read issue (CWE-126) within the Storage Port Driver component of the operating system. A buffer over-read occurs when a program reads more data than it should from a buffer, potentially exposing sensitive information stored in adjacent memory. In this case, the vulnerability allows an authorized attacker with local access and low privileges (PR:L) to read sensitive information from memory without requiring user interaction (UI:N). The attack vector is local (AV:L), meaning the attacker must have access to the affected system. The vulnerability does not impact system integrity or availability but has a high impact on confidentiality (C:H), as it can lead to information disclosure. The vulnerability is exploitable with low complexity (AC:L), and the scope remains unchanged (S:U), indicating that the impact is confined to the vulnerable component. No known exploits are currently reported in the wild, and no patches or mitigation links have been published yet. The vulnerability was reserved in early June 2025 and published in July 2025, indicating recent discovery. The Storage Port Driver is a critical system driver managing storage device communications, so leaking information from this component could expose sensitive system or user data stored in memory buffers related to storage operations. Since the attacker must be authorized and local, this vulnerability is primarily a concern for environments where multiple users have local access or where attackers can gain local access through other means (e.g., physical access, compromised accounts).

For European organizations, the primary impact of CVE-2025-49684 is the potential unauthorized disclosure of sensitive information on Windows 10 Version 1809 systems. Many enterprises, government agencies, and critical infrastructure operators in Europe still run legacy Windows 10 versions due to compatibility or operational constraints. The information disclosed could include sensitive system data or user information residing in memory buffers managed by the Storage Port Driver. While the vulnerability does not allow privilege escalation or system disruption, the confidentiality breach could facilitate further attacks, such as lateral movement or targeted espionage. Organizations in sectors with strict data protection requirements, such as finance, healthcare, and public administration, could face compliance risks if sensitive data is exposed. Additionally, environments with shared or multi-user access, such as terminal servers or workstations in public or semi-public spaces, are at higher risk. The lack of known exploits reduces immediate risk, but the medium severity and ease of exploitation by authorized users warrant prompt attention to prevent potential misuse.

1. Upgrade and Patch: Although no patches are currently linked, organizations should monitor Microsoft security advisories closely and apply any forthcoming patches promptly. 2. Limit Local Access: Restrict local user accounts and physical access to systems running Windows 10 Version 1809. Implement strict access controls and audit local logins. 3. Upgrade OS Versions: Plan and execute upgrades to supported and more recent Windows versions where this vulnerability is not present or has been mitigated. 4. Use Endpoint Protection: Deploy endpoint detection and response (EDR) solutions capable of detecting anomalous local activities that could indicate exploitation attempts. 5. Harden Storage Driver Access: Where possible, apply system hardening policies to limit access to storage driver interfaces and related system calls. 6. Monitor System Logs: Enable detailed logging and monitor for unusual local access patterns or attempts to read memory buffers. 7. User Awareness: Educate users about the risks of unauthorized local access and enforce policies against sharing credentials or leaving sessions unlocked. These steps go beyond generic advice by focusing on controlling local access vectors and preparing for patch deployment.