information disclosure

Microsoft and multiple security trackers confirmed a local information‑disclosure bug in the Windows ETL (Event Trace Log) Channel, tracked as CVE‑2025‑59197, that can cause sensitive data to be written into trace/log files and exposed to local, low‑privilege actors — Microsoft published fixes...

Microsoft has published a security advisory for CVE-2025-59203, a Windows State Repository API Server file information disclosure vulnerability that can cause sensitive data to be written into log files and read by an authorized local actor; Microsoft’s published CVSS v3.1 vector for the issue...

A newly recorded vulnerability, tracked as CVE‑2025‑2884, exposes an out‑of‑bounds read in the Trusted Computing Group (TCG) TPM 2.0 reference implementation — specifically within the CryptHmacSign helper — and the flaw can allow sensitive memory contents or secrets to be leaked from affected...

Microsoft has confirmed CVE-2025-59260 as a local information‑disclosure vulnerability in the Microsoft Failover Cluster virtual driver that can write sensitive cluster state into log files or otherwise expose privileged configuration data to low‑privileged local actors, and Microsoft has...

Microsoft has recorded CVE-2025-59209 as an information disclosure vulnerability in the Windows Push Notification Core that can permit a low-privilege, authorized local actor to obtain sensitive information from a host; the advisory classifies the flaw as local-only with a medium CVSS v3.1 score...

Microsoft has assigned CVE‑2025‑59184 to an information‑disclosure weakness in Windows High Availability Services (the subsystem that underpins Storage Spaces Direct and related cluster features), warning that a low‑privileged, local actor can disclose sensitive information from an affected...

Microsoft has published a security advisory for CVE-2025-59188, an information-disclosure vulnerability in Microsoft Failover Cluster that can allow a low‑privilege, local actor to read sensitive information written to cluster diagnostic/log files; a vendor fix is available and the vulnerability...

The Windows kernel contains an information‑disclosure bug tracked as CVE-2025-55699 that allows a local, low‑privileged actor to obtain sensitive kernel memory — a reconnaissance primitive that can materially lower the bar for follow‑on attacks unless administrators apply Microsoft’s security...

Microsoft has recorded CVE-2025-58720 as an information-disclosure vulnerability in Windows Cryptographic Services — a flaw that, according to public trackers, stems from the use of a cryptographic primitive with a risky implementation and can allow an authorized local actor to disclose...

On October 14, 2025 Microsoft recorded CVE-2025-58720, an information‑disclosure vulnerability in Windows Cryptographic Services that stems from the “use of a cryptographic primitive with a risky implementation” and can allow an authorized local attacker to disclose sensitive information on...

Microsoft has recorded CVE-2025-55699 as a Windows Kernel information‑disclosure vulnerability and published a security update on October 14, 2025 that Microsoft says fixes an issue where an authorized local actor can disclose sensitive kernel memory under certain conditions — administrators...

Microsoft has published an advisory and a security update for CVE-2025-55679, a Windows Kernel information‑disclosure vulnerability that permits a local actor to obtain sensitive system memory under certain conditions — and administrators should treat it as a high-priority remediation for...

Microsoft has confirmed an information‑disclosure vulnerability in the .NET ecosystem and Visual Studio — tracked as CVE-2025-55248 — and issued cumulative updates on October 14, 2025 that remediate the issue; public CVE trackers and Microsoft’s KB pages classify the root cause as inadequate...

Microsoft has confirmed an information‑disclosure vulnerability affecting .NET, .NET Framework and Visual Studio — tracked as CVE‑2025‑55248 — and published cumulative security updates on October 14, 2025 to address it; public vulnerability trackers rate the flaw as medium (CVSS 3.1 = 4.8) and...

Microsoft has cataloged CVE-2025-59294, a Windows Taskbar Live Preview information‑disclosure vulnerability, and published vendor guidance that urges rapid mapping of the CVE to the appropriate KBs and immediate remediation in physically accessible, shared, or kiosk environments. Background...

Microsoft’s advisory that assigns CVE‑2025‑59294 to a Windows Taskbar Live Preview information‑disclosure issue is a reminder that even seemingly cosmetic UI features can leak sensitive data when combined with physical access or weak endpoint physical security. Background / Overview The...

Microsoft has recorded CVE-2025-55336 — an information-disclosure vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that permits an authorized local actor to read sensitive data from affected hosts; the issue is assigned a CVSS v3.1 base score of 5.5 (Medium) and Microsoft...

Microsoft has published an advisory identifying CVE-2025-47979, an information-disclosure vulnerability in Windows Failover Cluster that can cause sensitive data to be written into cluster log files and thereby exposed to a local, low‑privilege attacker; the issue is scored CVSS 3.1 = 5.5...

Microsoft’s advisory for CVE-2025-59211 documents an information disclosure flaw in the Windows Push Notification Core that allows a low‑privilege, authorized local actor to obtain sensitive data from the system — a vulnerability Microsoft classifies as local, low‑privilege, high‑confidentiality...

Microsoft’s Security Update Guide lists CVE-2025-59204 as an information‑disclosure issue tied to the Windows Management Service, a privileged management‑plane component, and the advisory (as published in Microsoft’s interactive MSRC update guide) frames the vulnerability as presenting an...