CVE-2025-49728

Published Sep 16, 2025

Last updated 6 months ago

CVSS medium 4.0

Overview

Description
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
Source
secure@microsoft.com
NVD status
Undergoing Analysis
Products
pc_manager

Risk scores

CVSS 3.1

Type
Primary
Base score
4
Impact score
1.4
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

secure@microsoft.com
CWE-312

Social media

Hype score
Not currently trending

  1. CVE-2025-49728 Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. https://t.co/JeOP760qmr

    @CVEnew

    17 Sept 2025

    152 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.CVE-2025-49738
  2. Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation.CVE-2025-46014
  3. Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.CVE-2025-29975
  4. Microsoft PC Manager Elevation of Privilege VulnerabilityCVE-2025-21322
  5. Microsoft PC Manager Elevation of Privilege VulnerabilityCVE-2024-49051

References

Sources include official advisories and independent security research.