information disclosure

Microsoft has assigned CVE‑2025‑59184 to an information‑disclosure weakness in Windows High Availability Services (the subsystem that underpins Storage Spaces Direct and related cluster features), warning that a low‑privileged, local actor can disclose sensitive information from an affected...

Microsoft has published a security advisory for CVE-2025-59188, an information-disclosure vulnerability in Microsoft Failover Cluster that can allow a low‑privilege, local actor to read sensitive information written to cluster diagnostic/log files; a vendor fix is available and the vulnerability...

On October 14, 2025 Microsoft recorded CVE-2025-58720, an information‑disclosure vulnerability in Windows Cryptographic Services that stems from the “use of a cryptographic primitive with a risky implementation” and can allow an authorized local attacker to disclose sensitive information on...

Microsoft has recorded CVE-2025-55699 as a Windows Kernel information‑disclosure vulnerability and published a security update on October 14, 2025 that Microsoft says fixes an issue where an authorized local actor can disclose sensitive kernel memory under certain conditions — administrators...

Microsoft has published an advisory and a security update for CVE-2025-55679, a Windows Kernel information‑disclosure vulnerability that permits a local actor to obtain sensitive system memory under certain conditions — and administrators should treat it as a high-priority remediation for...

Microsoft has confirmed an information‑disclosure vulnerability affecting .NET, .NET Framework and Visual Studio — tracked as CVE‑2025‑55248 — and published cumulative security updates on October 14, 2025 to address it; public vulnerability trackers rate the flaw as medium (CVSS 3.1 = 4.8) and...

Microsoft’s advisory that assigns CVE‑2025‑59294 to a Windows Taskbar Live Preview information‑disclosure issue is a reminder that even seemingly cosmetic UI features can leak sensitive data when combined with physical access or weak endpoint physical security. Background / Overview The...

Microsoft has recorded CVE-2025-55336 — an information-disclosure vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that permits an authorized local actor to read sensitive data from affected hosts; the issue is assigned a CVSS v3.1 base score of 5.5 (Medium) and Microsoft...

Microsoft has published an advisory identifying CVE-2025-47979, an information-disclosure vulnerability in Windows Failover Cluster that can cause sensitive data to be written into cluster log files and thereby exposed to a local, low‑privilege attacker; the issue is scored CVSS 3.1 = 5.5...

Microsoft’s advisory for CVE-2025-59211 documents an information disclosure flaw in the Windows Push Notification Core that allows a low‑privilege, authorized local actor to obtain sensitive data from the system — a vulnerability Microsoft classifies as local, low‑privilege, high‑confidentiality...

Microsoft’s Security Update Guide lists CVE-2025-59204 as an information‑disclosure issue tied to the Windows Management Service, a privileged management‑plane component, and the advisory (as published in Microsoft’s interactive MSRC update guide) frames the vulnerability as presenting an...

Microsoft’s security advisory for CVE‑2025‑58717 warns of an out‑of‑bounds read vulnerability in the Windows Routing and Remote Access Service (RRAS) that can cause RRAS to disclose process memory to a remote caller — an information‑disclosure bug that demands immediate inventory, targeted...

Microsoft has published an advisory for CVE-2025-55700: an out‑of‑bounds read in the Windows Routing and Remote Access Service (RRAS) that can allow a remote actor to elicit unintended memory contents from an affected system, resulting in network‑accessible information disclosure; administrators...

Microsoft’s advisory classifies CVE-2025-54901 as a buffer over-read (out‑of‑bounds read) in Microsoft Office Excel that can disclose process memory contents when a crafted spreadsheet is opened. Executive summary What it is: CVE-2025-54901 is an information‑disclosure vulnerability in...

A newly disclosed vulnerability in Windows Routing and Remote Access Service (RRAS) — tracked as CVE-2025-53806 in the Microsoft Security Response Center entry provided by the reporter — is an out‑of‑bounds read / buffer over‑read that can allow an attacker to obtain memory contents from an...

Note: below is a long-form, technically focused feature article about CVE-2025-53804. I drew on Microsoft’s official entry for this CVE and on Microsoft documentation and guidance about kernel-mode drivers and driver blocklists to explain the risk, likely exploitation paths, detection and...

Microsoft has assigned CVE-2025-53796 to a newly disclosed vulnerability in the Windows Routing and Remote Access Service (RRAS) that can cause a buffer over‑read / use of an uninitialized resource, allowing an attacker to disclose memory contents over a network; organizations that run RRAS as a...

Microsoft’s advisory identifies CVE-2025-53803 as a Windows Kernel memory information disclosure vulnerability: an error message generated by kernel code can contain sensitive kernel memory contents, allowing an authenticated local actor to read data that should remain protected. Background The...

Below is a detailed, publish-ready technical brief on the Windows Imaging Component information-disclosure issue you asked about. I’ve also checked the public advisories and noticed a likely mismatch in the CVE number you supplied — see the “Note on the CVE number” section first. Note on the CVE...

Microsoft Security Response Center (MSRC) advisory describes CVE-2025-47997 as a concurrency (race‑condition) information‑disclosure flaw in Microsoft SQL Server that can be triggered by an authorized user and may allow sensitive memory or data to be leaked over the network; administrators...