CVE-2025-29839

Опубликовано: 13 мая 2025

Источник: msrc

CVSS3: 4

EPSS Низкий

Описание

Windows Multiple UNC Provider Driver Information Disclosure Vulnerability

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

FAQ

According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?

An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

What type of information could be disclosed by this vulnerability?

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5058449 5058429	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5058449 5058429	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5058449 5058429	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5058430 5058454	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5058430 5058454	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5058449 5058429	Monthly Rollup Security Only
Windows Server 2012	5058451	Monthly Rollup
Windows Server 2012 (Server Core installation)	5058451	Monthly Rollup
Windows Server 2012 R2	5058403	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5058403	Monthly Rollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Unlikely

DOS

N/A

EPSS

Процентиль: 16%

0.0005

Низкий

4 Medium

CVSS3

Связанные уязвимости

CVE-2025-29839

CVSS3: 4

nvd

около 1 месяца назад

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

GHSA-296p-gcc5-5329

CVSS3: 4

github

около 1 месяца назад

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.

BDU:2025-05584

CVSS3: 4

fstec

около 1 месяца назад

Уязвимость драйвера Multiple UNC Provider Driver операционных систем Windows, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 16%

0.0005

Низкий

4 Medium

CVSS3