CVE-2025-59244 is a vulnerability classified under CWE-73 (External Control of File Name or Path) affecting Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The issue resides in the Windows Core Shell component, where an attacker can externally control file names or paths used by the system. This manipulation enables spoofing attacks over a network, potentially deceiving users or automated processes by presenting falsified file paths or names. The vulnerability requires no privileges (PR:N) but does require user interaction (UI:R), such as opening a malicious file or link crafted by the attacker. The attack vector is network-based (AV:N), making it feasible for remote exploitation. The CVSS v3.1 base score is 6.5, indicating a medium severity level, with high impact on confidentiality but no impact on integrity or availability. The scope remains unchanged (S:U), meaning the vulnerability affects only the vulnerable component without extending to other system components. No known exploits have been reported in the wild, and no official patches have been published at the time of analysis. The vulnerability could be leveraged in social engineering or phishing campaigns to mislead users into executing malicious content or disclosing sensitive information by exploiting the spoofed file paths. This flaw highlights the importance of validating and sanitizing file paths and names within system components that interact with external inputs.

For European organizations, this vulnerability poses a moderate risk primarily through spoofing attacks that could lead to information disclosure or social engineering exploits. Confidentiality is at risk as attackers may trick users into trusting malicious files or links that appear legitimate due to manipulated file paths. This can facilitate phishing, credential theft, or delivery of secondary payloads. The lack of impact on integrity and availability reduces the risk of direct system compromise or denial of service. However, sectors such as finance, healthcare, government, and critical infrastructure that rely heavily on Windows 10 Version 1809 and have high exposure to network threats could face targeted attacks exploiting this vulnerability. The requirement for user interaction means that effective user awareness and training can reduce risk, but the network-based attack vector increases the likelihood of exposure. The absence of patches necessitates interim mitigations to prevent exploitation. Organizations running legacy Windows 10 versions are particularly vulnerable, as newer versions may have addressed this issue. Overall, the vulnerability could undermine trust in file authenticity and increase the success rate of phishing or malware campaigns within European enterprises.

1. Upgrade affected systems from Windows 10 Version 1809 to a supported and patched Windows version where this vulnerability is resolved. 2. Until patches are available, restrict user interaction with untrusted files and links, especially those received via email or network shares. 3. Implement strict network filtering and segmentation to limit exposure to potentially malicious network traffic targeting Windows Core Shell components. 4. Deploy endpoint protection solutions capable of detecting and blocking suspicious file path manipulations or spoofing attempts. 5. Enhance user awareness training focusing on recognizing spoofed file names and paths and avoiding interaction with unexpected files or links. 6. Monitor network and endpoint logs for unusual file path activities or anomalies indicative of exploitation attempts. 7. Apply application whitelisting to prevent execution of unauthorized or suspicious files. 8. Use security tools that validate file path integrity and enforce policies preventing external control of file names or paths. 9. Coordinate with Microsoft security advisories to promptly apply official patches once released. 10. Conduct regular vulnerability assessments and penetration testing to identify and remediate similar path manipulation issues.