CVE-2025-62572 is an out-of-bounds read vulnerability classified under CWE-125, discovered in the Application Information Services component of Microsoft Windows Server 2025, specifically the Server Core installation variant. This vulnerability arises when the application improperly handles memory boundaries, allowing an attacker with authorized local access and limited privileges to read memory beyond the intended buffer. Such out-of-bounds reads can lead to the disclosure of sensitive information or corrupt memory states, which attackers can exploit to elevate their privileges on the system. The vulnerability does not require user interaction and has a low attack complexity, but it does require the attacker to have some level of local access (PR:L). The CVSS v3.1 base score of 7.8 reflects its high impact on confidentiality, integrity, and availability, as successful exploitation could allow an attacker to gain higher privileges and potentially take full control of the affected server. The vulnerability affects Windows Server 2025 version 10.0.26100.0, a recent release, and no patches or exploits are publicly known at this time. The flaw is particularly concerning in Server Core installations, which are commonly used in enterprise environments for their reduced attack surface and streamlined management. The vulnerability was reserved in mid-October 2025 and published in early December 2025, indicating a recent discovery and disclosure. Given the nature of the vulnerability, it is likely to be targeted in environments where local access is possible, such as compromised internal networks or through malicious insiders.

For European organizations, this vulnerability poses a significant risk, especially for enterprises and critical infrastructure relying on Windows Server 2025 Server Core installations. Successful exploitation could allow attackers to escalate privileges locally, potentially leading to full system compromise, unauthorized access to sensitive data, disruption of services, and lateral movement within networks. This is particularly critical for sectors such as finance, healthcare, government, and manufacturing, where Windows Server 2025 may be deployed to manage critical applications and services. The high impact on confidentiality, integrity, and availability means that data breaches, service outages, and operational disruptions could occur. Additionally, the Server Core installation is often used to reduce attack surfaces, so a vulnerability here undermines an important security strategy. Although no known exploits are currently in the wild, the vulnerability’s characteristics make it a likely target for attackers once exploit code becomes available. European organizations with less mature patch management or those that allow broad local access could be at greater risk.

1. Monitor Microsoft security advisories closely and apply patches immediately once they are released for Windows Server 2025 Server Core installations. 2. Restrict local access to Windows Server 2025 systems to trusted personnel only, employing strict access controls and multi-factor authentication where possible. 3. Implement robust endpoint detection and response (EDR) solutions to detect unusual privilege escalation attempts or anomalous memory access patterns. 4. Conduct regular audits of user privileges and remove unnecessary local accounts or rights that could be leveraged by attackers. 5. Employ application whitelisting and system hardening techniques to reduce the attack surface and prevent unauthorized code execution. 6. Use network segmentation to limit the ability of attackers to move laterally if local access is gained. 7. Educate system administrators and security teams about this vulnerability and the importance of rapid patching and monitoring. 8. Consider deploying intrusion prevention systems (IPS) that can detect exploitation attempts targeting out-of-bounds read vulnerabilities.