CVE-2025-50158

Q: What is the severity of CVE-2025-50158?

CVE-2025-50158 has a CVSS score of 7.0 (HIGH). A time-of-check time-of-use race condition vulnerability in Windows NTFS allows local attackers to read unauthorized files or memory contents. This affects Windows systems with NTFS file systems where an attacker has local access. The vulnerability enables information disclosure through race condition exploitation.

7.0 HIGH

📋 TL;DR

A time-of-check time-of-use race condition vulnerability in Windows NTFS allows local attackers to read unauthorized files or memory contents. This affects Windows systems with NTFS file systems where an attacker has local access. The vulnerability enables information disclosure through race condition exploitation.

💻 Affected Systems

Products:

Windows

Versions: Windows versions with NTFS support (specific affected versions not yet detailed in public advisory)

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All Windows systems using NTFS file systems are potentially affected. The vulnerability requires local access to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains unauthorized access to sensitive system files, credentials, or memory contents, potentially leading to privilege escalation or lateral movement.

🟠

Likely Case

Local attacker reads files they shouldn't have access to, potentially exposing sensitive data or configuration information.

🟢

If Mitigated

Limited impact with proper access controls, monitoring, and isolation of sensitive systems.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local attackers on compromised systems could leverage this for information gathering and lateral movement.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and precise timing to win the race condition. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific patch versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50158

Restart Required: Yes

Instructions:

1. Check Microsoft Security Update Guide for CVE-2025-50158. 2. Apply the latest Windows security updates from Windows Update. 3. Restart the system to complete installation.

🔧 Temporary Workarounds

Restrict local access

windows

Limit local user access to sensitive systems and implement principle of least privilege

Enable auditing

windows

Enable file system auditing to detect suspicious access patterns

auditpol /set /subcategory:"File System" /success:enable /failure:enable

🧯 If You Can't Patch

Implement strict access controls and limit local user privileges
Monitor for unusual file access patterns and implement network segmentation

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for CVE-2025-50158 patch installation or run 'systeminfo' to check OS version against patched versions

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify patch installation through Windows Update history or check that system is running a version after the patch release date

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns, multiple rapid file operations from same process
Security event logs showing file access failures followed by successes

Network Indicators:

Not network exploitable - focus on local system monitoring

SIEM Query:

EventID=4663 AND ObjectType="File" AND AccessMask="0x1" | stats count by ProcessName, ObjectName | where count > threshold

📊 Metadata

CVE ID: CVE-2025-50158

CVSS v3 Score: 7.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-367

EPSS Score: 0.05% exploit probability (13.5th percentile)

Published: August 12, 2025

Last Updated: August 14, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50158 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

Windows Server 2025 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local access

Enable auditing

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities