CVE-2025-54364: CWE-1333 Inefficient Regular Expression Complexity in Microsoft Knack
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 2 of 2).
AI Analysis
Technical Summary
CVE-2025-54364 affects Microsoft Knack version 0.12.0, specifically the knack.introspection module. It is classified under CWE-1333 (Inefficient Regular Expression Complexity), which can lead to a Regular Expression Denial of Service (ReDoS): certain crafted inputs cause the regular expression engine to consume excessive CPU resources, resulting in a denial of service condition. The CVSS 4.0 base score is 6.9, indicating a medium severity level. The attack vector is local (AV:L), so an attacker must have local access to the system; attack complexity is low, and no authentication, privileges or user interaction are required. The impact is primarily on availability, as the inefficient regex processing can degrade or halt service operations. There are no known exploits in the wild at the time of publication, and no patches have been released yet. The vulnerability can be used to disrupt services running Microsoft Knack 0.12.0, potentially impacting systems that rely on this software for introspection tasks or other functionality tied to the knack.introspection module.
Potential Impact
For European organizations, the impact of this vulnerability depends on the deployment and usage of Microsoft Knack 0.12.0 within their IT environments. Organizations using this specific version in critical systems could face service disruptions due to resource exhaustion caused by the ReDoS attack. This could affect availability of applications or services relying on Knack, leading to operational downtime and potential loss of productivity. Since the attack requires local access, the risk is higher in environments where multiple users have local system access or where attackers can gain such access through other means (e.g., compromised credentials, insider threats). The vulnerability does not directly compromise confidentiality or integrity but can indirectly affect business continuity and service reliability. European sectors with high reliance on Microsoft technologies and those using Knack in development or production environments should be particularly cautious. Additionally, organizations with strict availability requirements, such as financial institutions, healthcare providers, and critical infrastructure operators, may experience more severe operational impacts if exploited.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first identify all instances of Microsoft Knack 0.12.0 in their environments, focusing on systems where the knack.introspection module is utilized. Since no official patch is currently available, organizations should consider the following specific actions:
1) Restrict local access to systems running the vulnerable version to trusted users only, minimizing the risk of local exploitation.
2) Implement monitoring and alerting for unusual CPU usage patterns that could indicate a ReDoS attack in progress.
3) If feasible, disable or limit the use of the knack.introspection module until a patch is released or upgrade to a non-vulnerable version when available.
4) Employ application-level input validation to detect and block malicious inputs that could trigger the inefficient regex processing.
5) Use host-based intrusion detection systems (HIDS) to detect anomalous behavior related to resource exhaustion.
6) Maintain strict access controls and audit logs to quickly identify and respond to potential exploitation attempts.
Organizations should also stay informed about updates from Microsoft regarding patches or workarounds and apply them promptly once released.
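The identification step above can be scripted. The following is an added example, not part of the original advisory or of Microsoft's code: it searches directory trees for installed Knack distributions and marks version 0.12.0. It assumes Knack is installed as the Python distribution named knack with standard *.dist-info metadata; the function names are hypothetical, and only 0.12.0 is flagged because that is the only version the advisory names.

```python
"""Inventory Python environments for the Knack release named in the advisory."""
import sys
from email.parser import Parser
from pathlib import Path

AFFECTED_VERSION = "0.12.0"  # the only version the advisory names


def read_dist_metadata(dist_info):
    """Return (name, version) from <dist-info>/METADATA, or None if unusable."""
    meta_file = Path(dist_info) / "METADATA"
    if not meta_file.is_file():
        return None
    text = meta_file.read_text(encoding="utf-8", errors="replace")
    meta = Parser().parsestr(text, headersonly=True)
    name, version = meta.get("Name"), meta.get("Version")
    if not name or not version:
        return None
    return name.strip().lower(), version.strip()


def find_knack_installs(roots):
    """Search each root recursively for installed knack distributions.

    Returns a sorted list of (site_packages_dir, version, is_affected).
    """
    findings = set()  # a set, so overlapping roots do not report twice
    for root in map(Path, roots):
        if not root.is_dir():
            continue  # missing root or non-directory sys.path entry
        for dist_info in root.rglob("*.dist-info"):
            parsed = read_dist_metadata(dist_info)
            if parsed and parsed[0] == "knack":
                version = parsed[1]
                findings.add(
                    (str(dist_info.parent), version, version == AFFECTED_VERSION)
                )
    return sorted(findings)


if __name__ == "__main__":
    # Roots to scan: directories given on the command line, else this
    # interpreter's own import path.
    search_roots = sys.argv[1:] or [p for p in sys.path if p]
    for location, version, affected in find_knack_installs(search_roots):
        status = "AFFECTED (advisory version)" if affected else "not the advisory version"
        print(f"{location}: knack {version} -> {status}")
```

Run it with one or more directories (for example a virtualenv parent or a container image mount) as arguments to cover environments other than the current interpreter.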
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-07-21T00:00:00.000Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68a53ad7ad5a09ad00ffc756
Added to database: 8/20/2025, 3:02:47 AM
Last enriched: 8/20/2025, 3:17:45 AM
Last updated: 8/20/2025, 3:17:45 AM