CVE-2025-49684
📋 TL;DR
This vulnerability is a buffer over-read in the Storage Port Driver that allows an authenticated attacker to read beyond allocated memory boundaries, potentially exposing sensitive information from kernel memory. It affects systems running vulnerable versions of Microsoft Windows with the affected driver. Only local attackers with valid credentials can exploit this vulnerability.
💻 Affected Systems
- Microsoft Windows Storage Port Driver
📦 What is this software?
Windows 10 1507 by Microsoft
Windows 10 1607 by Microsoft
Windows 10 1809 by Microsoft
Windows 10 21h2 by Microsoft
Windows 10 22h2 by Microsoft
Windows 11 22h2 by Microsoft
Windows 11 23h2 by Microsoft
Windows 11 24h2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
An attacker could read kernel memory containing sensitive information such as passwords, encryption keys, or other system data, potentially enabling further attacks or data exfiltration.
Likely Case
Information disclosure of kernel memory contents, which could reveal system information or memory layout that aids in developing other exploits.
If Mitigated
Limited information disclosure with no direct code execution or system compromise if proper access controls are in place.
🎯 Exploit Status
Requires local authenticated access and knowledge of driver interaction; buffer over-read vulnerabilities typically require specific conditions to trigger.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Microsoft Security Update for specific patch version
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49684
Restart Required: Yes
Instructions:
1. Apply the latest Windows security updates from Microsoft.
2. Ensure Windows Update is configured to receive security patches.
3. Restart the system after patch installation.
🔧 Temporary Workarounds
Restrict local access
Limit local user accounts and implement strict access controls to reduce attack surface
Disable unnecessary storage drivers
If the Storage Port Driver is not required, consider disabling it through Device Manager
🧯 If You Can't Patch
- Implement strict access controls and limit local user accounts
- Monitor for suspicious local activity and implement application whitelisting
🔍 How to Verify
Check if Vulnerable:
Check Windows Update history for applied security patches or use Microsoft's Security Update Guide
Check Version:
wmic os get version
Verify Fix Applied:
Verify the latest Windows security updates are installed and system has been restarted
📡 Detection & Monitoring
Log Indicators:
- Unusual driver access patterns in System logs
- Failed driver operations or crashes
Network Indicators:
- No network indicators as this is a local vulnerability
SIEM Query:
EventID=7036 OR EventID=1000 OR EventID=1001 with source containing storage port driver
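An added PowerShell example, not part of this advisory, that runs the verification and detection checks above on the local host: it pulls event IDs 7036/1000/1001 from the System and Application logs and keeps those whose text mentions the Storage Port Driver (assumed here to appear as "storport", the driver's service and binary name), then reports the OS version and whether a given update is installed and followed by a reboot. The KB number is a placeholder because the page does not state one.

```powershell
# Added example (not from the advisory). Assumptions: the Storage Port
# Driver shows up in event text as "storport", and the fixing KB is unknown
# here, so it is supplied as a placeholder parameter.
param(
    [int]$Days = 7,
    [string]$PatchKB = 'KB<placeholder>'   # replace with the KB from the MSRC advisory
)

# 1. Log indicators from the page: service state changes (7036) and
#    application error / crash reports (1000, 1001) referencing the driver.
$since = (Get-Date).AddDays(-$Days)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System', 'Application'
    Id        = 7036, 1000, 1001
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'storport|Storage Port' } |
    Select-Object TimeCreated, Id, ProviderName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } }

if ($events) {
    Write-Host "Driver-related events in the last $Days day(s):"
    $events | Format-Table -AutoSize
} else {
    Write-Host "No driver-related events (IDs 7036/1000/1001) in the last $Days day(s)."
}

# 2. Version check, equivalent to 'wmic os get version' above.
$os = Get-CimInstance Win32_OperatingSystem
Write-Host "OS version: $($os.Version) (build $($os.BuildNumber)), last boot $($os.LastBootUpTime)"

# 3. Fix verification: is the update installed, and has the system been
#    restarted since it was installed (the advisory requires a restart)?
$fix = Get-HotFix -ErrorAction SilentlyContinue | Where-Object HotFixID -eq $PatchKB
if ($fix) {
    $rebooted = $os.LastBootUpTime -gt $fix.InstalledOn
    Write-Host "$PatchKB installed on $($fix.InstalledOn); rebooted since install: $rebooted"
} else {
    Write-Host "$PatchKB not found in Get-HotFix output; apply the latest Windows security update."
}
```

Run it from an elevated prompt so the System log query is not truncated by access rights.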