CVE-2025-58736 is a use-after-free vulnerability classified under CWE-416 found in Inbox COM Objects within Microsoft Windows 10 Version 1809 (build 10.0.17763.0). Use-after-free vulnerabilities occur when a program continues to use memory after it has been freed, leading to memory corruption. In this case, the vulnerability allows an unauthorized attacker with local access to execute arbitrary code by manipulating the affected COM objects. The attack vector is local (AV:L), requiring high attack complexity (AC:H), no privileges (PR:N), but user interaction (UI:R). The scope is unchanged (S:U), meaning the exploit affects only the vulnerable component. The CVSS v3.1 base score is 7.0, indicating high severity, with impacts on confidentiality, integrity, and availability all rated high. No known exploits have been reported in the wild as of the publication date (October 14, 2025). The vulnerability affects legacy Windows 10 systems, which may still be in use in some environments despite being out of mainstream support. The lack of available patches at the time of reporting increases the risk for unpatched systems. Exploitation could lead to local privilege escalation or code execution, potentially allowing attackers to install malware, steal data, or disrupt system operations. The vulnerability is particularly relevant for organizations that have not upgraded from Windows 10 Version 1809 or maintain legacy systems for compatibility reasons.

For European organizations, this vulnerability poses a significant risk primarily to those still operating Windows 10 Version 1809, especially in sectors where legacy systems are common, such as manufacturing, healthcare, and government. Successful exploitation could lead to local code execution, enabling attackers to escalate privileges, deploy malware, or disrupt critical services. This could compromise sensitive data confidentiality, system integrity, and availability, potentially causing operational downtime and regulatory compliance issues under GDPR. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk in environments with shared or poorly secured workstations. Organizations relying on legacy Windows 10 systems in critical infrastructure or with limited patch management capabilities are particularly vulnerable. The absence of known exploits in the wild reduces immediate threat but does not preclude future exploitation, especially as attackers develop proof-of-concept code.

European organizations should prioritize upgrading from Windows 10 Version 1809 to a supported and patched Windows version to eliminate exposure to this vulnerability. In the absence of official patches, organizations should implement strict access controls to limit local user access to trusted personnel only and enforce the principle of least privilege. User education to avoid executing untrusted code or interacting with suspicious prompts can reduce exploitation chances. Employ application whitelisting and endpoint detection and response (EDR) solutions to detect anomalous behavior indicative of exploitation attempts. Network segmentation can limit lateral movement if a system is compromised. Regularly audit and inventory systems to identify any running the vulnerable Windows 10 build. If upgrading is not immediately feasible, consider disabling or restricting the use of affected Inbox COM Objects where possible. Monitoring for unusual local activity and preparing incident response plans tailored to local code execution scenarios will improve resilience.