CVE-2025-55683
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-27
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_server_2016 | to 10.0.14393.8519 (exc) |
| microsoft | windows_server_2019 | to 10.0.17763.7919 (exc) |
| microsoft | windows_server_2022 | to 10.0.20348.4294 (exc) |
| microsoft | windows_server_2022_23h2 | to 10.0.25398.1913 (exc) |
| microsoft | windows_server_2025 | to 10.0.26100.6899 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the exposure of sensitive information within the Windows Kernel to an unauthorized actor. It allows an authorized attacker with local access to disclose sensitive information that they should not have access to.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information on a local system, potentially compromising confidentiality. Although it does not affect integrity or availability, the exposure of sensitive data could be exploited for further attacks or privacy violations.