A low-severity vulnerability was discovered by Check Point Research in January 2025 within the new Rust-based Graphics Device Interface (GDI) kernel component of Windows. The flaw affects Windows kernel components implemented in Rust, specifically targeting the GDI subsystem. Microsoft addressed the vulnerability starting with OS Build 26100. 4202 in the KB5058499 update preview released on May 28, 2025. No known exploits are currently in the wild, and the vulnerability does not appear to allow privilege escalation or direct compromise but may impact fuzzing processes or kernel stability. The vulnerability highlights challenges in integrating Rust code into critical Windows kernel components. European organizations using Windows with the affected builds should apply the patch promptly to mitigate any potential risks. Given the low severity and absence of active exploitation, the threat is limited but underscores the importance of monitoring new language integrations in OS kernels. Countries with high Windows adoption and critical infrastructure relying on Windows GDI components are most relevant for this issue. Practical mitigation involves timely patching and monitoring kernel component behavior post-update.

In early 2025, Check Point Research identified a security vulnerability in the Windows kernel's Graphics Device Interface (GDI) component, which Microsoft recently began implementing using the Rust programming language. This vulnerability, termed "Denial of Fuzzing," affects the Rust-based kernel components responsible for graphics device interfacing. The issue was responsibly disclosed to Microsoft, who released a fix starting with OS Build 26100.4202 in the KB5058499 update preview on May 28, 2025. The vulnerability does not have a CVSS score but is classified as low severity. It does not appear to allow direct code execution, privilege escalation, or data leakage but may interfere with fuzzing processes or kernel stability, potentially hindering security testing efforts or causing denial of service conditions under specific circumstances. The integration of Rust into Windows kernel components is a novel approach aimed at improving memory safety; however, this vulnerability illustrates the challenges of adopting new languages in critical system components. No known exploits have been observed in the wild, and the affected Windows versions are those incorporating the new Rust-based GDI kernel components. The vulnerability's technical details are documented in a detailed Check Point Research article published in October 2025. Organizations running affected Windows builds should prioritize patching to maintain kernel integrity and continue benefiting from Rust's safety features without exposure to this flaw.

Check Point Research

Detailed information about Denial of Fuzzing: Rust in the Windows kernel. Get real-time updates, technical details, and mitigation strategies.

Denial of Fuzzing: Rust in the Windows kernel - Live Threat Intelligence - Threat Radar | OffSeq.com

Original Source

Denial of Fuzzing: Rust in the Windows kernel

CVE-2025-54658 is a high-severity privilege escalation vulnerability in Fortinet FortiDLP Agent's Outlookproxy plugin on macOS versions 10. 3. 1 through 11. 5. 1. It arises from improper limitation of pathname to a restricted directory (path traversal), allowing an authenticated attacker to send crafted requests to a local listening port and escalate privileges to root without user interaction. The vulnerability impacts confidentiality, integrity, and availability of affected systems. No known exploits are currently in the wild, but the ease of exploitation and potential impact warrant immediate attention. European organizations using FortiDLP on macOS should prioritize patching and implement network segmentation and monitoring to mitigate risk. Countries with higher Fortinet market penetration and significant macOS usage in critical sectors are most at risk.

CVE-2025-54658 is a path traversal vulnerability classified under CWE-22 found in the Outlookproxy plugin of Fortinet's FortiDLP Agent for macOS versions ranging from 10.3.1 up to 11.5.1. The flaw allows an authenticated attacker to send specially crafted requests to a local listening port on the affected system, bypassing pathname restrictions intended to limit access to sensitive directories. This improper limitation enables the attacker to escalate their privileges from a limited user to root, effectively gaining full control over the system. The vulnerability does not require user interaction and has low attack complexity, but does require the attacker to be authenticated on the system. The impact covers confidentiality, integrity, and availability, as root access allows arbitrary code execution, data exfiltration, and system disruption. FortiDLP is a data loss prevention solution widely used in enterprise environments to monitor and protect sensitive data, making this vulnerability particularly concerning. Although no exploits have been reported in the wild yet, the vulnerability's characteristics and the critical nature of the affected product underscore the urgency of mitigation. The CVSS v3.1 base score is 7.2, with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C, indicating local attack vector, low complexity, required privileges, no user interaction, and full impact on confidentiality, integrity, and availability. The vulnerability was reserved in July 2025 and published in October 2025, with Fortinet as the assigner.

CVE Database V5

Detailed information about CVE-2025-54658: Escalation of privilege in Fortinet FortiDLP affecting Fortinet FortiDLP. Get real-time updates, technical details, a

CVE-2025-54658: Escalation of privilege in Fortinet FortiDLP - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54658: Escalation of privilege in Fortinet FortiDLP

CVE-2025-53951 is a medium severity path traversal vulnerability in Fortinet FortiDLP Agent's Outlookproxy plugin affecting multiple versions on Windows. An authenticated attacker can exploit this flaw by sending a crafted request to a local listening port, enabling escalation of privilege to the LocalService account. This vulnerability impacts versions from 10. 3. 1 through 11. 5. 1. The attack requires local access and authentication but does not need user interaction. Although no known exploits are currently in the wild, successful exploitation could lead to limited confidentiality, integrity, and availability impacts. European organizations using FortiDLP for data loss prevention should prioritize patching once updates are available.

CVE-2025-53951 is a path traversal vulnerability classified under CWE-22 found in the Outlookproxy plugin of Fortinet's FortiDLP Agent for Windows, affecting versions 10.3.1 through 11.5.1. The flaw arises from improper limitation of pathname access, allowing an authenticated attacker to send a specially crafted request to a local listening port. This crafted request can exploit the vulnerability to escalate privileges from a lower-privileged user to the LocalService account, which has more extensive system privileges than a standard user but less than SYSTEM. The vulnerability requires the attacker to have local access and valid authentication credentials on the affected system, but no user interaction is necessary. The CVSS v3.1 base score is 4.9, indicating a medium severity level, with attack vector local (AV:L), low attack complexity (AC:L), privileges required low (PR:L), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability rated as low (C:L/I:L/A:L). There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The vulnerability could be leveraged to gain unauthorized access to sensitive data or disrupt data loss prevention mechanisms by elevating privileges within the FortiDLP agent environment. FortiDLP is widely used in enterprise environments to monitor and prevent data exfiltration, making this vulnerability a concern for organizations relying on this product for compliance and security.

Detailed information about CVE-2025-53951: Escalation of privilege in Fortinet FortiDLP affecting Fortinet FortiDLP. Get real-time updates, technical details, a

CVE-2025-53951: Escalation of privilege in Fortinet FortiDLP - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53951: Escalation of privilege in Fortinet FortiDLP

CVE-2025-53950 is an information disclosure vulnerability in Fortinet FortiDLP Agent's Outlookproxy plugin affecting multiple versions on macOS and Windows. It allows an authenticated administrator to access current users' email information, violating privacy. The vulnerability requires high privileges and user interaction, limiting exploitation scope. It impacts confidentiality but not integrity or availability. No known exploits are reported in the wild yet. European organizations using FortiDLP for data loss prevention, especially those with strict privacy regulations, are at risk. Mitigation involves promptly applying vendor patches once available and restricting administrative access. Countries with significant Fortinet deployments and stringent data protection laws, such as Germany, France, and the UK, are most likely affected. The vulnerability is rated medium severity with a CVSS score of 5. 1.

CVE-2025-53950 is a medium severity information disclosure vulnerability identified in Fortinet's FortiDLP Agent, specifically within the Outlookproxy plugin used on macOS and Windows platforms. The affected versions span multiple releases from 10.3.1 through 11.5.1. The vulnerability arises from improper handling of private personal information, allowing an authenticated administrator with high privileges to collect current users' email data, thereby exposing sensitive information. The CVSS 3.1 vector indicates that the attack requires local access (AV:L), low attack complexity (AC:L), high privileges (PR:H), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact is primarily on confidentiality (C:H), with no impact on integrity or availability. Although no known exploits are currently reported in the wild, the vulnerability represents a privacy violation that could be leveraged for insider threats or lateral movement within an organization. FortiDLP is a data loss prevention solution widely used to monitor and protect sensitive data, making this vulnerability particularly concerning for organizations relying on it to secure email communications. The issue is related to CWE-359, indicating exposure of private information due to insufficient protection mechanisms in the software's plugin.

Detailed information about CVE-2025-53950: Information disclosure in Fortinet FortiDLP affecting Fortinet FortiDLP. Get real-time updates, technical details, an

CVE-2025-53950: Information disclosure in Fortinet FortiDLP - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53950: Information disclosure in Fortinet FortiDLP

CVE-2025-46752 is a medium-severity information disclosure vulnerability in Fortinet FortiDLP versions 11. 4. 5 through 12. 0. 4. The flaw involves the insertion of sensitive information into log files, which can be exploited by an attacker with limited privileges to disclose confidential data by reusing an enrollment code. Exploitation requires local access and privileges, but no user interaction is needed. The vulnerability impacts confidentiality and integrity but does not affect availability. No known exploits are currently in the wild. European organizations using affected FortiDLP versions should prioritize patching and restrict access to logs and enrollment codes to mitigate risk.

CVE-2025-46752 is an information disclosure vulnerability identified in Fortinet FortiDLP, a data loss prevention solution widely used to monitor and protect sensitive data. The vulnerability exists in versions 11.4.5, 11.5.1, and 12.0.0 through 12.0.4. It arises from the improper handling of sensitive information, specifically the insertion of confidential data into log files. An attacker with limited privileges (local access and low privileges) can exploit this flaw by reusing an enrollment code, which is intended for device or user enrollment in the FortiDLP system. This reuse enables the attacker to access sensitive information that should not be exposed, leading to information disclosure. The vulnerability does not require user interaction and has a low attack vector (local access), making exploitation somewhat constrained but still feasible in environments where attackers have some foothold. The CVSS v3.1 score is 4.2 (medium severity), reflecting limited impact on confidentiality and integrity, no impact on availability, and the requirement for privileges and local access. No public exploits or active exploitation have been reported as of the publication date. Fortinet has not yet published patches or mitigations, so affected organizations must rely on compensating controls until updates are available.

Detailed information about CVE-2025-46752: Information disclosure in Fortinet FortiDLP affecting Fortinet FortiDLP. Get real-time updates, technical details, an

CVE-2025-46752: Information disclosure in Fortinet FortiDLP - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-46752: Information disclosure in Fortinet FortiDLP

The tech giant attributed the attacks to Vanilla Tempest, also known as Vice Spider and Vice Society. The post Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign appeared first on SecurityWeek .

SecurityWeek

Detailed information about Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign. Get real-time updates, technical details, and mitigation stra

Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign

Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign

Description

Community Reviews

Related Threats

CVE-2025-53951: Escalation of privilege in Fortinet FortiDLP

CVE-2025-53950: Information disclosure in Fortinet FortiDLP

CVE-2025-46752: Information disclosure in Fortinet FortiDLP

CVE-2025-11839: Unchecked Return Value in GNU Binutils

CVE-2025-9955: Vulnerability in WSO2 WSO2 Enterprise Integrator

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility