CVE-2025-53156 is a vulnerability identified in Microsoft Windows Server 2025, specifically affecting the Server Core installation variant. The flaw resides in the Storage Port Driver component, which improperly exposes sensitive information to unauthorized actors. The vulnerability is classified under CWE-200, indicating an exposure of sensitive information. An attacker with authorized local access and low privileges can exploit this vulnerability to disclose sensitive data stored or processed by the Storage Port Driver. The CVSS v3.1 score is 5.5 (medium severity), reflecting that the attack vector is local (AV:L), requires low privileges (PR:L), and no user interaction (UI:N) is needed. The impact is limited to confidentiality (C:H), with no effect on integrity or availability. The scope remains unchanged (S:U), meaning the vulnerability affects only the vulnerable component. No exploits are known in the wild, and no patches have been published at the time of disclosure. The affected version is 10.0.26100.0 of Windows Server 2025. This vulnerability could potentially allow attackers to gather sensitive information that might facilitate privilege escalation or lateral movement within a network. Given the Server Core installation is often used in environments prioritizing minimal footprint and security, this exposure could undermine those security assumptions if local access controls are weak.

For European organizations, the exposure of sensitive information in Windows Server 2025 Server Core installations could have significant consequences, particularly in sectors relying heavily on Microsoft server infrastructure such as finance, healthcare, government, and critical infrastructure. Confidential data leakage could lead to further exploitation, including privilege escalation or targeted attacks leveraging the disclosed information. Although the vulnerability requires local access and low privileges, insider threats or attackers who have gained initial footholds could exploit this to deepen their access. The lack of impact on integrity and availability reduces the risk of direct service disruption, but the confidentiality breach could compromise sensitive operational or personal data, violating GDPR and other data protection regulations. Organizations with inadequate internal access controls or monitoring may be more vulnerable. The absence of a patch increases the window of exposure, necessitating proactive risk management.

To mitigate this vulnerability effectively, European organizations should implement strict local access controls on Windows Server 2025 systems, ensuring only trusted administrators and processes have access. Employing robust endpoint security solutions to monitor and alert on suspicious local activities can help detect exploitation attempts early. Network segmentation should be used to limit lateral movement opportunities if an attacker gains local access. Organizations should also audit and minimize the number of users with local privileges on Server Core installations. Since no patch is currently available, applying defense-in-depth strategies such as application whitelisting and enhanced logging is critical. Preparing for rapid deployment of official patches once released by Microsoft is essential. Additionally, conducting regular security assessments and penetration testing focused on local privilege escalation and information disclosure vectors can identify weaknesses before exploitation occurs.