CVE-2025-59513 is a medium severity vulnerability classified under CWE-125 (Out-of-bounds Read) found in the Windows Bluetooth RFCOM Protocol Driver on Windows 10 Version 1607 (build 10.0.14393.0). This vulnerability allows an authorized attacker with local access and low privileges to perform an out-of-bounds read operation, which can lead to unauthorized disclosure of sensitive information from system memory. The flaw exists due to improper bounds checking in the handling of Bluetooth RFCOM protocol data, enabling the attacker to read memory beyond the intended buffer limits. Exploitation does not require user interaction, but the attacker must have local privileges on the affected system. The vulnerability impacts confidentiality (high), but does not affect integrity or availability. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) reflects that the attack surface is limited to local access with low complexity and privileges, no user interaction is needed, and the scope is unchanged. No public exploits or active exploitation have been reported as of the publication date (November 11, 2025). The affected product is an older Windows 10 version (1607), which is out of mainstream support but may still be operational in some enterprise environments, particularly those with legacy systems or specialized hardware dependencies. The lack of available patches at the time of reporting indicates organizations should monitor for updates and consider temporary mitigations.

For European organizations, this vulnerability poses a risk primarily to legacy systems still running Windows 10 Version 1607, especially where Bluetooth functionality is enabled and used. The out-of-bounds read can lead to unauthorized disclosure of sensitive information, potentially exposing credentials, encryption keys, or other confidential data stored in memory. This can facilitate further attacks such as privilege escalation or lateral movement within a network. Critical sectors like government, healthcare, finance, and industrial control systems that rely on legacy Windows 10 deployments may face increased risk. Although the attack requires local access and low privileges, insider threats or attackers who have gained limited footholds could exploit this vulnerability to escalate information gathering capabilities. The absence of known exploits reduces immediate risk, but the medium severity and high confidentiality impact warrant proactive measures. The vulnerability does not affect system integrity or availability, so operational disruption is unlikely. However, information leakage could undermine compliance with data protection regulations such as GDPR if sensitive personal or business data is exposed.

European organizations should prioritize upgrading or migrating systems from Windows 10 Version 1607 to supported Windows versions with active security updates. Until patches are available, consider disabling the Bluetooth RFCOM Protocol Driver if Bluetooth functionality is not essential. Implement strict access controls to limit local user privileges and reduce the number of users with local access to vulnerable systems. Employ endpoint detection and response (EDR) solutions to monitor for suspicious local activity indicative of exploitation attempts. Conduct regular audits to identify legacy systems still running Windows 10 1607 and assess their exposure. For systems requiring Bluetooth, isolate them within segmented network zones to limit lateral movement. Educate users and administrators about the risks of local privilege misuse and enforce strong physical security controls to prevent unauthorized local access. Monitor vendor advisories for patch releases and apply updates promptly once available. Consider deploying memory protection technologies and exploit mitigation tools that can detect or prevent out-of-bounds memory reads.