CVE-2025-29956

Published May 13, 2025
Last updated a month ago
CVSS medium 5.4
Overview

Description: Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
Source: secure@microsoft.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 4.2
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L
Severity: MEDIUM
Weaknesses

secure@microsoft.com: CWE-126
nvd@nist.gov: CWE-125
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "0B6B5CAA-8A5A-4676-BC01-CD97BDCE5763",
            "versionEndExcluding": "10.0.10240.21014"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "4E77111E-B41A-4E88-AC0B-2EBEC9E042FF",
            "versionEndExcluding": "10.0.10240.21014"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "A725E104-8456-4AE8-9A9D-10127FC36BDE",
            "versionEndExcluding": "10.0.14393.8066"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "4720EC2C-1371-4D1F-80E6-7804D079C183",
            "versionEndExcluding": "10.0.14393.8066"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
            "versionEndExcluding": "10.0.17763.7314"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
            "versionEndExcluding": "10.0.17763.7314"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "8047D88E-3BAD-4DCE-A1CD-68BEBEE06D50",
            "versionEndExcluding": "10.0.19044.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "66B77F75-39F2-46EE-BC6F-06650808568E",
            "versionEndExcluding": "10.0.19044.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "63101BFA-2F60-49BD-8E03-6F13FA9A106D",
            "versionEndExcluding": "10.0.19044.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "26BA0DF8-5B45-4B1D-A5F2-3D3B7A60AF90",
            "versionEndExcluding": "10.0.19045.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "404F532F-861B-42E0-B31D-325E5CFEE8EC",
            "versionEndExcluding": "10.0.19045.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "2A951F53-2D80-44A8-ADE4-9E26702BB76E",
            "versionEndExcluding": "10.0.19045.5854"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "CA321DC2-D196-4C81-87E8-B1A240A75CB8",
            "versionEndExcluding": "10.0.22621.5335"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "CA476FFD-741C-4534-AA84-BA3511AE1413",
            "versionEndExcluding": "10.0.22621.5335"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "28D1BDF2-8DF7-48DF-BBF7-E5DE3EF243D1",
            "versionEndExcluding": "10.0.22631.5335"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "3F66E394-51B6-48B2-AFF6-A45007E654AD",
            "versionEndExcluding": "10.0.22631.5335"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "4448191F-2152-4E7F-8D4A-4EE7ED6657D6",
            "versionEndExcluding": "10.0.26100.4061"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "7CE8E58A-59AA-4649-8C0F-0DB11A1D1936",
            "versionEndExcluding": "10.0.26100.4061"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
            "versionEndExcluding": "10.0.14393.8066"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
            "versionEndExcluding": "10.0.17763.7314"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
            "versionEndExcluding": "10.0.20348.3692"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
            "versionEndExcluding": "10.0.25398.1611"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
            "versionEndExcluding": "10.0.26100.4061"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
