CVE-2025-49760

Published Jul 8, 2025

Last updated 2 months ago

CVSS low 3.5
Windows Storage

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-49760 is a spoofing vulnerability in Windows Storage that stems from external control of a file name or path. An authorized attacker could exploit this vulnerability over a network. The vulnerability exists in the Windows Remote Procedure Call (RPC) protocol. By manipulating a core component of the RPC protocol, an attacker can conduct an Endpoint Mapper (EPM) poisoning attack. This allows an unprivileged user to pose as a legitimate service and coerce a protected process to authenticate against an arbitrary server. Microsoft addressed this vulnerability in their July 2025 Patch Tuesday update.

Description
External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.
Source
secure@microsoft.com
NVD status
Analyzed
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Primary
Base score
3.5
Impact score
1.4
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Severity
LOW

Weaknesses

secure@microsoft.com
CWE-73

Social media

Hype score
Not currently trending

  1. #VulnerabilityReport #activedirectory EPM Poisoning (CVE-2025-49760): New Windows RPC Exploit Hijacks Services, Allowing Full Active Directory Compromise, PoC Releases https://t.co/WX6Hp6liMP

    @Komodosec

    18 Sept 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Hacking attempts on your device? DM now for risk free security solutions. #hacked #icloud #facebookdown #imessage #ransomware #snapchat #snapchatsupport #snapchatleak #hacking #discord #XboxSeriesX #XboxShare #roblox 🔥 Windows had a hole [CVE-2025-49760] in its core RPC system

    @5g_rescue

    16 Sept 2025

    34 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Hacking attempts on your device? DM now for risk free security solutions. #hacked #icloud #facebookdown #imessage #ransomware #snapchat #snapchatsupport #snapchatleak #hacking #discord #XboxSeriesX #XboxShare #roblox 🔥 Windows had a hole [CVE-2025-49760] in its core RPC system

    @Shadows_hacker

    9 Sept 2025

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. If your account is Hacked, or your Account is being tempered with, All you need is a Good hacker... Inbox now for all Hacking Services #Hacked #icloud #snapchat #Discord #Roblox #missingphone #privacy 🔥 Windows had a hole [CVE-2025-49760] in its core RPC system that let attack

    @PRIVATEHUNTERS1

    17 Aug 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. If your account is Hacked, or your Account is being tempered with, All you need is a Good hacker... Inbox now for all Hacking Services #Hacked #icloud #snapchat #Discord #Roblox #missingphone #privacy 🔥 Windows had a hole [CVE-2025-49760] in its core RPC system that let https:

    @Shadows_hacker

    17 Aug 2025

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. به تازگی برای پروتکل RPC یا همان Remote Procedure Call در ویندوز ، آسیب پذیری با کد شناسایی CVE-2025-49760 منتشر شده است. این آسیب پذیری باعث ارتقای سطح دسترسی و سرقت اطلاعا

    @AmirHossein_sec

    14 Aug 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨Alert🚨 CVE-2025-49760 : New Windows RPC Exploit Hijacks Services, Allowing Full Active Directory Compromise 🧐Deep Dive :https://t.co/tSVWNKlbm1 📊231.6M Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/CyIRQG22AY 👇Query HUNTER

    @HunterMapping

    12 Aug 2025

    8130 Impressions

    50 Retweets

    151 Likes

    73 Bookmarks

    3 Replies

    0 Quotes

  8. Des chercheurs en cybersécurité dévoilent une chaîne d’exploitation d’une faille corrigée dans le protocole RPC de #Windows, permettant l’usurpation d’un serveur et l’élévation de privilèges. CVE-2025-49760, note 3.5 🛡️🔐 #CyberSecurity #IA #InnovationIA

    @meg_ai_fr

    11 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. WindowsのRPCプロトコルがサーバのなりすまし攻撃に使用可能。SafeBreach社報告。CVE-2025-49760はエンドポイントマッパーにおける競合状態に勝つとリクエストの解決先を攻撃者のサーバに書き換えられる。デモ用ツ

    @__kokumoto

    11 Aug 2025

    1629 Impressions

    6 Retweets

    16 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  10. 🔍 New Windows EPM Poisoning flaw could allow domain privilege escalation, CVE-2025-49760 patched in July 2025, read more: https://t.co/AR3YT97J6O https://t.co/gNJsW2LJxI

    @sctocs25

    10 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-49760は、Microsoft WindowsのRPC(Remote Procedure Call)通信におけるEPM(Endpoint Mapper)を悪用したスプーフィング脆弱性である。 Windows

    @yousukezan

    10 Aug 2025

    1444 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  12. 📌 بحث الباحثون عن ثغرة في بروتوكول "Windows RPC" تسمح لهجمات انتحال الهوية ورفع الامتيازات للمهاجمين. الثغرة، المعروفة باسم CVE-2025-49760، حصلت على تقييم 3.5، وقد تم

    @Cybercachear

    10 Aug 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Critical Windows RPC protocol vulnerability allows spoofing. Microsoft addresses under CVE-2025-49760. Stay updated. https://t.co/VRdGGZG62W

    @threatlight

    10 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🔥 Windows had a hole [CVE-2025-49760] in its core RPC system that let attackers pretend to be trusted services—like hijacking DNS, but inside your OS. The wild part? Even Windows Defender’s ID could be spoofed. Here’s how the EPM poisoning attack w... https://t.co/AIJn

    @IT_news_for_all

    10 Aug 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🔥 Windows had a hole [CVE-2025-49760] in its core RPC system that let attackers pretend to be trusted services—like hijacking DNS, but inside your OS. The wild part? Even Windows Defender’s ID could be spoofed. Here’s how the EPM poisoning attack worked ↓ https://t.c

    @TheHackersNews

    10 Aug 2025

    29299 Impressions

    83 Retweets

    249 Likes

    103 Bookmarks

    2 Replies

    2 Quotes

Configurations

References

Sources include official advisories and independent security research.