Information Disclosure Vulnerability in Windows Cryptographic Services by Microsoft
CVE-2025-29808

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Server 2022
Vendor: CVE Published:; 8 April 2025

Summary

An information disclosure vulnerability exists in the Windows Cryptographic Services due to the use of a cryptographic primitive with a risky implementation. This flaw allows authorized attackers to exploit the system, potentially exposing sensitive information locally. Organizations using affected versions of Windows must take necessary precautions to mitigate the risk associated with this vulnerability, ensuring their systems are updated as per vendor advisories.

Affected Version(s)

Windows Server 2022 x64-based Systems 10.0.20348.0 < 10.0.20348.3453

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Mar 11, 2025