CVE-2025-58739 is a vulnerability identified in Microsoft Windows 11 Version 25H2 (build 10.0.26200.0) that results in the exposure of sensitive information to unauthorized actors through Windows File Explorer. The vulnerability is classified under CWE-200, indicating an information disclosure issue. Specifically, an attacker can exploit this flaw over a network to perform spoofing attacks, leveraging the sensitive data leaked by File Explorer to masquerade as legitimate entities or users. The attack vector is network-based (AV:N), requiring no privileges (PR:N), but does require user interaction (UI:R), such as opening or browsing files or directories that trigger the vulnerability. The scope is unchanged (S:U), meaning the impact is limited to the vulnerable component without affecting other system components. The confidentiality impact is high (C:H), indicating that sensitive data can be disclosed, but there is no impact on integrity (I:N) or availability (A:N). The exploitability is rated as medium with a CVSS v3.1 base score of 6.5, reflecting the ease of exploitation combined with significant confidentiality loss. No public exploits are known at this time, and no patches have been published yet. The vulnerability was reserved on 2025-09-03 and published on 2025-10-14. The lack of patches means organizations must rely on interim mitigations until official updates are available. The vulnerability's nature suggests that attackers could use the disclosed information to craft more convincing spoofing or phishing attacks, potentially leading to further compromise.

For European organizations, this vulnerability poses a significant risk to confidentiality, especially in sectors handling sensitive or regulated data such as finance, healthcare, and government. The exposure of sensitive information could facilitate targeted phishing, social engineering, or lateral movement within networks. Since Windows 11 adoption is growing rapidly across Europe, many enterprises and public sector entities are potentially vulnerable. The network-based attack vector increases the risk in environments with extensive interconnectivity or remote access. While the vulnerability does not directly impact system integrity or availability, the information disclosure could be a stepping stone for more severe attacks. Organizations with critical infrastructure or those subject to strict data protection regulations (e.g., GDPR) must be particularly vigilant. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once details become widely known. The medium severity rating suggests a moderate but actionable threat level.

1. Monitor Microsoft security advisories closely and apply official patches immediately upon release to remediate the vulnerability. 2. Until patches are available, restrict network access to Windows 11 25H2 systems, especially limiting exposure to untrusted networks or segments. 3. Implement network segmentation to isolate critical systems and reduce the attack surface. 4. Educate users to avoid opening or interacting with suspicious files or network shares that could trigger the vulnerability. 5. Employ endpoint detection and response (EDR) solutions to monitor for unusual File Explorer activity or network spoofing attempts. 6. Use network-level protections such as intrusion detection/prevention systems (IDS/IPS) to detect anomalous spoofing traffic. 7. Review and tighten access controls and authentication mechanisms to limit unauthorized network interactions with vulnerable hosts. 8. Conduct regular security assessments and penetration tests focusing on information disclosure vectors within Windows environments. 9. Maintain up-to-date backups and incident response plans to quickly respond if exploitation occurs. 10. Consider temporary disabling or restricting File Explorer network browsing features if feasible in high-risk environments.