CVE-2025-62572: CWE-125: Out-of-bounds Read in Microsoft Windows Server 2025 (Server Core installation)
Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
AI Analysis
Technical Summary
CVE-2025-62572 is an out-of-bounds read vulnerability classified under CWE-125 found in the Application Information Services component of Microsoft Windows Server 2025, specifically in Server Core installations (version 10.0.26100.0). This vulnerability allows an attacker who already has some level of local access (authorized user with limited privileges) to read memory beyond the intended buffer boundaries. Such out-of-bounds reads can lead to the exposure of sensitive information or memory corruption, which in this case enables privilege escalation. The attacker can leverage this flaw to elevate their privileges locally, potentially gaining SYSTEM-level access. The vulnerability does not require user interaction and has a low attack complexity, but it does require local access and some privileges. The scope of impact includes confidentiality, integrity, and availability, as the attacker could manipulate or disrupt system processes after privilege escalation. No public exploits or patches are currently available, but the vulnerability is officially published and rated with a CVSS v3.1 score of 7.8, indicating high severity. The lack of a patch means organizations must rely on compensating controls until a fix is released.
Potential Impact
For European organizations, the impact of CVE-2025-62572 could be significant, especially for enterprises and service providers relying on Windows Server 2025 Server Core installations for critical infrastructure and applications. Successful exploitation could lead to unauthorized privilege escalation, allowing attackers to execute arbitrary code with elevated rights, access sensitive data, disrupt services, or deploy further malware. This could compromise data confidentiality and integrity, disrupt business operations, and lead to regulatory compliance violations under GDPR due to unauthorized access or data breaches. The Server Core installation is often used in environments requiring reduced attack surface and high security, so this vulnerability undermines that security assumption. Organizations in sectors such as finance, healthcare, government, and critical infrastructure in Europe could face heightened risks. The absence of known exploits currently provides a window for proactive defense, but the high severity score indicates that once exploited, the consequences could be severe.
Mitigation Recommendations
1. Restrict local access: Limit the number of users with local access to Windows Server 2025 Server Core systems and enforce strict least privilege principles.
2. Monitor and audit: Implement detailed logging and monitoring of local user activities, especially those involving Application Information Services or privilege escalation attempts.
3. Use application whitelisting and endpoint protection solutions capable of detecting anomalous behavior related to privilege escalation.
4. Network segmentation: Isolate critical servers to reduce the risk of unauthorized local access.
5. Prepare for patching: Establish rapid patch management processes to deploy updates as soon as Microsoft releases a fix.
6. Employ multi-factor authentication and strong credential policies to reduce the risk of unauthorized local access.
7. Conduct regular vulnerability assessments and penetration testing focused on privilege escalation vectors.
8. Consider temporary compensating controls such as disabling or restricting the vulnerable service if feasible without disrupting operations.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: microsoft
- Date Reserved: 2025-10-15T17:11:21.222Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693867e974ebaa3babafb6fb
Added to database: 12/9/2025, 6:18:17 PM
Last enriched: 12/9/2025, 6:23:56 PM
Last updated: 12/10/2025, 6:00:30 PM