information disclosure

  1. CVE-2025-59203: Windows State Repository Info Disclosure Patch and Mitigation

    Microsoft has published a security advisory for CVE-2025-59203, a Windows State Repository API Server file information disclosure vulnerability that can cause sensitive data to be written into log files and read by an authorized local actor; Microsoft’s published CVSS v3.1 vector for the issue...
  2. CVE-2025-2884: TPM 2.0 OOB Read in CryptHmacSign and Supply Chain Risk

    A newly recorded vulnerability, tracked as CVE‑2025‑2884, exposes an out‑of‑bounds read in the Trusted Computing Group (TCG) TPM 2.0 reference implementation — specifically within the CryptHmacSign helper — and the flaw can allow sensitive memory contents or secrets to be leaked from affected...
  3. CVE-2025-59260: Mitigating Local Information Disclosure in Failover Cluster

    Microsoft has confirmed CVE-2025-59260 as a local information‑disclosure vulnerability in the Microsoft Failover Cluster virtual driver that can write sensitive cluster state into log files or otherwise expose privileged configuration data to low‑privileged local actors, and Microsoft has...
  4. CVE-2025-59209 Local Info Disclosure Patch Guide for Windows Push Notification Core

    Microsoft has recorded CVE-2025-59209 as an information disclosure vulnerability in the Windows Push Notification Core that can permit a low-privilege, authorized local actor to obtain sensitive information from a host; the advisory classifies the flaw as local-only with a medium CVSS v3.1 score...
  5. CVE-2025-59184: Local Information Disclosure in Windows S2D HA Services

    Microsoft has assigned CVE‑2025‑59184 to an information‑disclosure weakness in Windows High Availability Services (the subsystem that underpins Storage Spaces Direct and related cluster features), warning that a low‑privileged, local actor can disclose sensitive information from an affected...
  6. CVE-2025-59188 Information Disclosure in Microsoft Failover Cluster Patch and Harden

    Microsoft has published a security advisory for CVE-2025-59188, an information-disclosure vulnerability in Microsoft Failover Cluster that can allow a low‑privilege, local actor to read sensitive information written to cluster diagnostic/log files; a vendor fix is available and the vulnerability...
  7. CVE-2025-58720: Local Information Disclosure in Windows Cryptographic Services

    On October 14, 2025 Microsoft recorded CVE-2025-58720, an information‑disclosure vulnerability in Windows Cryptographic Services that stems from the “use of a cryptographic primitive with a risky implementation” and can allow an authorized local attacker to disclose sensitive information on...
  8. CVE-2025-55699: Patch Windows Kernel Info Disclosure Now

    Microsoft has recorded CVE-2025-55699 as a Windows Kernel information‑disclosure vulnerability and published a security update on October 14, 2025 that Microsoft says fixes an issue where an authorized local actor can disclose sensitive kernel memory under certain conditions — administrators...
  9. Patch CVE-2025-55679: Windows Kernel Local Info Disclosure (High Priority)

    Microsoft has published an advisory and a security update for CVE-2025-55679, a Windows Kernel information‑disclosure vulnerability that permits a local actor to obtain sensitive system memory under certain conditions — and administrators should treat it as a high-priority remediation for...
  10. CVE-2025-55248 Information Disclosure in .NET and Visual Studio Fixed in Oct 2025

    Microsoft has confirmed an information‑disclosure vulnerability affecting .NET, .NET Framework and Visual Studio — tracked as CVE‑2025‑55248 — and published cumulative security updates on October 14, 2025 to address it; public vulnerability trackers rate the flaw as medium (CVSS 3.1 = 4.8) and...
  11. CVE-2025-59294: Windows Taskbar Live Preview Information Disclosure and Patch Guide

    Microsoft’s advisory that assigns CVE‑2025‑59294 to a Windows Taskbar Live Preview information‑disclosure issue is a reminder that even seemingly cosmetic UI features can leak sensitive data when combined with physical access or weak endpoint physical security. Background / Overview The...
  12. CVE-2025-55336 Info Disclosure in Windows Cloud Files Driver Patch Guide

    Microsoft has recorded CVE-2025-55336 — an information-disclosure vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that permits an authorized local actor to read sensitive data from affected hosts; the issue is assigned a CVSS v3.1 base score of 5.5 (Medium) and Microsoft...
  13. CVE-2025-47979: Windows Failover Cluster Information Disclosure Patch Guide

    Microsoft has published an advisory identifying CVE-2025-47979, an information-disclosure vulnerability in Windows Failover Cluster that can cause sensitive data to be written into cluster log files and thereby exposed to a local, low‑privilege attacker; the issue is scored CVSS 3.1 = 5.5...
  14. CVE-2025-59211: Local Information Disclosure in Windows Push Notification Core

    Microsoft’s advisory for CVE-2025-59211 documents an information disclosure flaw in the Windows Push Notification Core that allows a low‑privilege, authorized local actor to obtain sensitive data from the system — a vulnerability Microsoft classifies as local, low‑privilege, high‑confidentiality...
  15. CVE-2025-59204 Information Disclosure in Windows Management Service Mitigation Guide

    Microsoft’s Security Update Guide lists CVE-2025-59204 as an information‑disclosure issue tied to the Windows Management Service, a privileged management‑plane component, and the advisory (as published in Microsoft’s interactive MSRC update guide) frames the vulnerability as presenting an...
  16. CVE-2025-58717 RRAS memory disclosure vulnerability - urgent patch and guidance

    Microsoft’s security advisory for CVE‑2025‑58717 warns of an out‑of‑bounds read vulnerability in the Windows Routing and Remote Access Service (RRAS) that can cause RRAS to disclose process memory to a remote caller — an information‑disclosure bug that demands immediate inventory, targeted...
  17. CVE-2025-55700: RRAS Information Disclosure via Out-of-Bounds Read (Windows Server)

    Microsoft has published an advisory for CVE-2025-55700: an out‑of‑bounds read in the Windows Routing and Remote Access Service (RRAS) that can allow a remote actor to elicit unintended memory contents from an affected system, resulting in network‑accessible information disclosure; administrators...
  18. Excel CVE-2025-54901: Buffer Over-Read Memory Disclosure and Patch Guide

    Microsoft’s advisory classifies CVE-2025-54901 as a buffer over-read (out‑of‑bounds read) in Microsoft Office Excel that can disclose process memory contents when a crafted spreadsheet is opened. Executive summary What it is: CVE-2025-54901 is an information‑disclosure vulnerability in...
  19. RRAS CVE-2025-53806: Windows VPN Memory Disclosure Patch

    A newly disclosed vulnerability in Windows Routing and Remote Access Service (RRAS) — tracked as CVE-2025-53806 in the Microsoft Security Response Center entry provided by the reporter — is an out‑of‑bounds read / buffer over‑read that can allow an attacker to obtain memory contents from an...
  20. CVE-2025-53804: Windows Kernel Driver Info Disclosure—What Admins Must Do

    Note: below is a long-form, technically focused feature article about CVE-2025-53804. I drew on Microsoft’s official entry for this CVE and on Microsoft documentation and guidance about kernel-mode drivers and driver blocklists to explain the risk, likely exploitation paths, detection and...