CVE-2025-58732 is a use-after-free vulnerability classified under CWE-416, found in the Inbox COM Objects component of Microsoft Windows 10 Version 1507 (build 10.0.10240.0). This vulnerability arises when the system improperly manages memory, freeing an object while it is still in use, which can lead to execution of arbitrary code by an attacker. The flaw allows an unauthorized attacker to execute code locally, meaning the attacker must have local access to the affected system and require user interaction to trigger the exploit. The CVSS v3.1 score is 7.0, indicating high severity, with the vector indicating local attack vector (AV:L), high attack complexity (AC:H), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No known exploits have been reported in the wild yet, and no patches are currently available, though the vulnerability has been officially published and reserved by Microsoft. The affected Windows 10 version is the initial release from 2015, which is largely out of mainstream support, increasing the risk for legacy systems still in operation. The vulnerability could be exploited by tricking a user into performing specific actions that trigger the use-after-free condition in the Inbox COM Objects, leading to arbitrary code execution with the privileges of the logged-in user.

If exploited, this vulnerability could allow attackers to execute arbitrary code locally on affected Windows 10 Version 1507 systems, potentially leading to full system compromise. This includes unauthorized access to sensitive data, modification or deletion of critical files, installation of persistent malware, and disruption of system availability. Since the attack requires local access and user interaction, the threat is more relevant in environments where attackers can gain physical or remote desktop access or trick users into executing malicious actions. Organizations running legacy Windows 10 systems, especially those without updated security controls, are at significant risk. The impact is critical for environments handling sensitive information or critical infrastructure, as attackers could leverage this vulnerability to escalate privileges or move laterally within networks.

1. Upgrade affected systems to a supported and fully patched version of Windows 10 or later, as Windows 10 Version 1507 is out of mainstream support and unlikely to receive patches. 2. Implement strict access controls to limit local access to trusted users only, reducing the risk of unauthorized exploitation. 3. Employ application whitelisting and endpoint protection solutions capable of detecting anomalous behavior related to COM object exploitation. 4. Educate users to avoid executing untrusted code or clicking suspicious links that could trigger the vulnerability. 5. Monitor systems for unusual activity indicative of exploitation attempts, such as unexpected COM object usage or memory corruption events. 6. If upgrading is not immediately feasible, consider isolating legacy systems from critical networks and applying enhanced network segmentation to limit exposure. 7. Stay alert for official patches or security advisories from Microsoft and apply them promptly once available.