CVE-2025-58739 is a vulnerability identified in Microsoft Windows 11 Version 25H2 (build 10.0.26200.0) that involves the exposure of sensitive information to unauthorized actors through Windows File Explorer. The vulnerability is classified under CWE-200, indicating an information exposure issue. Specifically, an attacker can exploit this flaw over a network to perform spoofing attacks by leveraging the leaked sensitive information. The CVSS v3.1 base score is 6.5 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact is high on confidentiality (C:H), with no impact on integrity (I:N) or availability (A:N). The exploitability is rated as unproven but official (E:U), with official remediation level (RL:O) and confirmed report confidence (RC:C). No patches have been released yet, and no known exploits are in the wild. The vulnerability allows attackers to gather sensitive information that could be used to spoof network communications, potentially leading to further attacks such as phishing or man-in-the-middle. The flaw arises from Windows File Explorer's handling of network data, which inadvertently leaks information that should remain protected. Because the attack requires user interaction, social engineering or tricking users into accessing malicious network resources may be necessary. This vulnerability highlights the importance of securing network file browsing and limiting exposure of sensitive metadata over networks.

For European organizations, this vulnerability poses a risk primarily to confidentiality of sensitive information accessed or transmitted via Windows File Explorer. Organizations with extensive use of Windows 11 25H2 in networked environments—such as enterprises, government agencies, and critical infrastructure operators—may face increased risk of targeted spoofing attacks that leverage leaked information. The exposure could facilitate phishing, credential theft, or lateral movement within networks. Although the vulnerability does not impact system integrity or availability, the confidentiality breach could lead to data leaks or compromise of trust in network communications. Sectors handling sensitive personal data (e.g., finance, healthcare, public administration) are particularly vulnerable under GDPR regulations, as unauthorized data exposure could result in regulatory penalties and reputational damage. The absence of patches and known exploits means organizations must proactively mitigate risk to prevent exploitation. The requirement for user interaction suggests that social engineering campaigns could be a vector, increasing risk in environments with less cybersecurity awareness.

To mitigate CVE-2025-58739, European organizations should implement the following measures beyond generic advice: 1) Restrict network access to Windows File Explorer shares and resources, especially from untrusted or external networks, using firewalls and network segmentation. 2) Educate users about the risks of interacting with unknown or suspicious network locations and discourage opening network shares or files from unverified sources. 3) Monitor network traffic for unusual or suspicious activity indicative of spoofing attempts or information leakage. 4) Employ endpoint detection and response (EDR) tools to detect anomalous File Explorer behaviors or network connections. 5) Apply principle of least privilege to user accounts to limit exposure if exploitation occurs. 6) Stay informed on Microsoft’s patch releases and apply updates promptly once available. 7) Consider disabling or limiting network discovery and file sharing features in Windows 11 where not essential. 8) Use network-level authentication and encryption (e.g., SMB signing, IPsec) to protect file sharing traffic. These targeted actions will reduce the attack surface and limit the potential for exploitation until an official patch is released.