CVE-2025-49722 is a vulnerability categorized under CWE-400 (Uncontrolled Resource Consumption) found in the Windows Print Spooler components of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). The flaw allows an authorized attacker with adjacent network access to trigger excessive resource consumption, such as CPU or memory exhaustion, within the print spooler service. This can lead to a denial of service (DoS) condition, rendering the print spooler and potentially the entire system unresponsive or unstable. The attack vector requires the attacker to be on the same or a closely connected network segment (adjacent network), and to have low-level privileges (PR:L), but no user interaction is needed. The CVSS v3.1 score is 5.7, reflecting a medium severity due to the impact on availability only, with no confidentiality or integrity compromise. The vulnerability is notable because the Windows Print Spooler service has historically been a frequent target for exploitation, and this issue could be leveraged to disrupt printing services critical to business operations. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and assigned a CVE ID. The affected version, Windows 10 Version 1507, is an early release of Windows 10 and is largely considered outdated and out of support, which increases the risk for organizations still running this version. The uncontrolled resource consumption could be exploited to degrade system performance or cause crashes, impacting operational continuity.

For European organizations, the primary impact of CVE-2025-49722 is the potential denial of service on systems running Windows 10 Version 1507, particularly those utilizing networked print spooler services. This can disrupt printing operations, which are often critical in sectors such as government, healthcare, manufacturing, and finance. The availability impact could extend beyond printing if the resource exhaustion affects system stability or other dependent services. Organizations relying on legacy Windows 10 versions are at greater risk, as these versions may lack security updates and mitigations. The requirement for adjacent network access limits remote exploitation but does not eliminate risk within corporate LANs or VPN environments. Disruption of print services can lead to operational delays, increased support costs, and potential compliance issues where timely document handling is mandated. While confidentiality and integrity are not directly impacted, the denial of service could be leveraged as part of a broader attack strategy to distract or degrade defenses. The absence of known exploits reduces immediate risk but does not preclude future exploitation, especially given the historical targeting of print spooler vulnerabilities.

To mitigate CVE-2025-49722, European organizations should prioritize upgrading from Windows 10 Version 1507 to a supported and patched Windows version to eliminate the vulnerable component. In environments where immediate upgrade is not feasible, network segmentation should be implemented to restrict access to print spooler services only to trusted devices and users. Disable the print spooler service on systems where printing is not required, especially on servers and critical infrastructure. Employ firewall rules to block print spooler traffic (typically TCP ports 139 and 445) from untrusted or less secure network segments. Monitor print spooler service performance and logs for signs of resource exhaustion or unusual activity. Implement strict access controls and least privilege principles to limit the ability of users to interact with print spooler components. Consider deploying endpoint detection and response (EDR) solutions capable of detecting anomalous resource consumption patterns. Finally, maintain awareness of vendor advisories for patches or updates addressing this vulnerability and apply them promptly once available.