CVE-2025-58739 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting Microsoft Windows 11 Version 25H2 (build 10.0.26200.0). The issue resides in Windows File Explorer, where an attacker can remotely exploit the flaw over a network to expose sensitive information without requiring any privileges on the target system. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), but requires user interaction (UI:R). The scope is unchanged (S:U), meaning the vulnerability affects resources managed by the same security authority. The impact is high on confidentiality (C:H), with no impact on integrity (I:N) or availability (A:N). The vulnerability enables spoofing attacks, potentially allowing an attacker to deceive users or systems by presenting falsified information, which could lead to further social engineering or targeted attacks. Although no exploits are currently known in the wild and no patches have been published, the vulnerability is publicly disclosed and assigned a CVSS 3.1 score of 6.5, indicating a medium severity level. The lack of patches necessitates proactive mitigation. The vulnerability's exploitation requires user interaction, such as opening a malicious file or browsing a compromised network share, which increases the attacker's need to trick users. The flaw's presence in Windows File Explorer, a core component widely used in enterprise environments, increases the potential attack surface. Given the widespread deployment of Windows 11 in corporate environments, this vulnerability could be leveraged in targeted attacks against sensitive data or to facilitate further compromise through spoofing techniques.

For European organizations, the exposure of sensitive information could lead to data breaches involving personal data, intellectual property, or confidential business information, potentially violating GDPR and other data protection regulations. The spoofing capability may enable attackers to impersonate legitimate network resources or users, facilitating phishing, credential theft, or lateral movement within networks. Sectors such as finance, healthcare, government, and critical infrastructure are particularly at risk due to the sensitivity of their data and the strategic value of their networks. The requirement for user interaction limits mass exploitation but does not eliminate risk, especially in environments with less security awareness or where social engineering is prevalent. The absence of known exploits reduces immediate risk but also means organizations must remain vigilant for emerging threats. The medium severity rating suggests that while the vulnerability is serious, it is not critical, but the potential for confidentiality breaches and subsequent attacks warrants prompt attention.

1. Educate users to avoid interacting with untrusted network shares, files, or links, especially those received via email or unknown sources. 2. Implement network segmentation and strict access controls to limit exposure of Windows File Explorer to untrusted networks. 3. Deploy advanced endpoint detection and response (EDR) solutions capable of identifying suspicious file explorer activities and network spoofing attempts. 4. Monitor network traffic for anomalies indicative of spoofing or unauthorized data access. 5. Apply principle of least privilege to user accounts to reduce the impact of any successful social engineering. 6. Prepare for rapid deployment of patches once Microsoft releases updates addressing this vulnerability. 7. Use application whitelisting and restrict execution of unapproved scripts or binaries that could facilitate exploitation. 8. Employ multi-factor authentication (MFA) to reduce the risk of credential compromise stemming from spoofing attacks. 9. Regularly review and update incident response plans to include scenarios involving information exposure and spoofing attacks. 10. Consider disabling or restricting Windows File Explorer network features where feasible until patches are available.