CVE-2025-58720 is a vulnerability classified under CWE-1240, indicating the use of a cryptographic primitive with a risky implementation in Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw resides within Windows Cryptographic Services, a core component responsible for cryptographic operations such as encryption, decryption, and key management. The vulnerability allows an authorized attacker with local access and low privileges to exploit the risky cryptographic implementation to disclose sensitive information. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) highlights that the attack requires local access, low attack complexity, and privileges but no user interaction, and it impacts confidentiality, integrity, and availability at a high level. The risky implementation could involve weak key management, improper randomness, or flawed cryptographic algorithm usage, leading to potential leakage of cryptographic keys or sensitive data. No patches or known exploits are currently available, but the vulnerability is publicly disclosed and rated high severity, underscoring the urgency for mitigation. The vulnerability's presence in Windows 10 Version 1809, a widely deployed enterprise and consumer OS version, increases its potential impact.

The vulnerability can lead to unauthorized disclosure of sensitive information, potentially including cryptographic keys or protected data, compromising confidentiality. The high impact on integrity and availability suggests that exploitation could also allow attackers to manipulate cryptographic operations or disrupt services relying on these functions. Organizations running Windows 10 Version 1809 are at risk of local privilege escalation scenarios where an attacker with limited access can gain further sensitive information, facilitating lateral movement or privilege escalation. Critical infrastructure, government agencies, and enterprises relying on this OS version for secure communications or data protection could face significant operational and reputational damage. The lack of user interaction requirement and low attack complexity increase the likelihood of exploitation in environments where local access is possible, such as shared workstations or multi-user systems.

Organizations should immediately inventory systems running Windows 10 Version 1809 (build 10.0.17763.0) and restrict local access to trusted users only. Implement strict access controls and monitoring to detect unauthorized local activity. Until a patch is released, consider disabling or limiting use of Windows Cryptographic Services where feasible or applying application whitelisting to prevent untrusted code execution. Employ endpoint detection and response (EDR) solutions to monitor for suspicious cryptographic operations or privilege escalation attempts. Regularly audit and update system permissions to minimize the number of users with local privileges. When patches become available, prioritize their deployment in all affected environments. Additionally, educate users about the risks of local access and enforce strong physical security controls to prevent unauthorized device access.