CVE-2025-58735 is a use-after-free vulnerability classified under CWE-416 affecting Microsoft Windows 11 Version 25H2 (build 10.0.26200.0). The vulnerability resides in Inbox COM Objects, which are components used for inter-process communication and object management within Windows. A use-after-free flaw occurs when a program continues to use a pointer after the memory it points to has been freed, leading to undefined behavior including memory corruption. In this case, an unauthorized attacker with local access can exploit this flaw to execute arbitrary code with the privileges of the current user. The CVSS v3.1 score is 7.0, indicating high severity, with an attack vector of local (AV:L), high attack complexity (AC:H), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). The vulnerability was reserved in early September 2025 and published in mid-October 2025, with no known exploits in the wild and no patches released yet. Exploitation involves triggering the use-after-free condition in the Inbox COM Objects, leading to memory corruption that can be leveraged to run arbitrary code locally. This could allow attackers to install programs, view or modify data, or create new accounts with full user rights. The lack of required privileges lowers the barrier for exploitation, but the need for user interaction and high complexity reduces the likelihood of widespread exploitation in the short term.

For European organizations, this vulnerability poses a significant risk due to the widespread adoption of Windows 11 25H2 in enterprise and government environments. Successful exploitation can lead to full compromise of affected systems, resulting in data breaches, disruption of critical services, and potential lateral movement within networks. Confidentiality is at risk as attackers could access sensitive information; integrity is compromised through unauthorized code execution and system modifications; availability could be impacted by system crashes or denial-of-service conditions. Organizations in sectors such as finance, healthcare, government, and critical infrastructure are particularly vulnerable due to the sensitive nature of their data and operations. The local attack vector means that attackers need some form of access, such as through phishing, social engineering, or insider threats. The requirement for user interaction implies that end-user awareness and training can mitigate some risk. However, once exploited, the attacker could gain significant control, making this a high-impact threat for European entities relying on Windows 11 25H2.

1. Restrict local access: Enforce strict access controls on endpoints running Windows 11 25H2 to limit the number of users with local login capabilities. 2. Apply the principle of least privilege: Ensure users operate with minimal privileges necessary to reduce the impact of code execution. 3. Enhance user awareness: Train users to recognize and avoid social engineering and phishing attempts that could lead to local exploitation. 4. Monitor for suspicious activity: Deploy endpoint detection and response (EDR) solutions to identify unusual behaviors indicative of exploitation attempts targeting COM objects or memory corruption. 5. Disable or restrict use of Inbox COM Objects where feasible, or apply application whitelisting to prevent unauthorized code execution. 6. Prepare for patch deployment: Establish rapid patch management processes to apply security updates as soon as Microsoft releases a fix. 7. Use virtualization or sandboxing for high-risk user activities to contain potential exploitation. 8. Regularly audit and update security policies related to local access and software execution. These targeted mitigations go beyond generic advice by focusing on local access control, user behavior, and monitoring specific to the nature of this vulnerability.