Login Sign Up

CVE-2025-58730

7.0 HIGH

📋 TL;DR

CVE-2025-58730 is a use-after-free vulnerability in Inbox COM Objects that allows an unauthorized attacker to execute arbitrary code on the local system. This affects Windows systems with vulnerable COM components, potentially enabling local privilege escalation or remote code execution if combined with other vulnerabilities.

💻 Affected Systems

Products:
  • Microsoft Windows
Versions: Specific versions not yet detailed in initial advisory
Operating Systems: Windows 10, Windows 11, Windows Server 2016+, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with vulnerable COM object implementations; exact component versions pending Microsoft update guidance.

📦 What is this software?

Windows 10 1507 by Microsoft

View all CVEs affecting Windows 10 1507 →

Windows 10 1507 by Microsoft

View all CVEs affecting Windows 10 1507 →

Windows 10 1607 by Microsoft

View all CVEs affecting Windows 10 1607 →

Windows 10 1607 by Microsoft

View all CVEs affecting Windows 10 1607 →

Windows 10 1809 by Microsoft

View all CVEs affecting Windows 10 1809 →

Windows 10 1809 by Microsoft

View all CVEs affecting Windows 10 1809 →

Windows 10 21h2 by Microsoft

View all CVEs affecting Windows 10 21h2 →

Windows 10 22h2 by Microsoft

View all CVEs affecting Windows 10 22h2 →

Windows 11 22h2 by Microsoft

View all CVEs affecting Windows 11 22h2 →

Windows 11 23h2 by Microsoft

View all CVEs affecting Windows 11 23h2 →

Windows 11 24h2 by Microsoft

View all CVEs affecting Windows 11 24h2 →

Windows 11 25h2 by Microsoft

View all CVEs affecting Windows 11 25h2 →

Windows Server 2008 by Microsoft

View all CVEs affecting Windows Server 2008 →

Windows Server 2012 by Microsoft

View all CVEs affecting Windows Server 2012 →

Windows Server 2012 by Microsoft

View all CVEs affecting Windows Server 2012 →

Windows Server 2016 by Microsoft

View all CVEs affecting Windows Server 2016 →

Windows Server 2019 by Microsoft

View all CVEs affecting Windows Server 2019 →

Windows Server 2022 by Microsoft

View all CVEs affecting Windows Server 2022 →

Windows Server 2022 23h2 by Microsoft

View all CVEs affecting Windows Server 2022 23h2 →

Windows Server 2025 by Microsoft

View all CVEs affecting Windows Server 2025 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining SYSTEM privileges, installing persistent malware, or pivoting to other systems on the network.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass security controls, access sensitive data, or maintain persistence on compromised systems.

🟢

If Mitigated

Limited impact with proper endpoint protection, application control, and restricted user privileges preventing successful exploitation.

🌐 Internet-Facing: LOW - Requires local access or combination with another vulnerability for remote exploitation.
🏢 Internal Only: HIGH - Local attackers or malware with initial foothold can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or initial foothold; use-after-free vulnerabilities typically require precise timing and memory manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58730

Restart Required: Yes

Instructions:

1. Apply latest Windows security updates via Windows Update. 2. For enterprise: Deploy patches through WSUS or Microsoft Endpoint Configuration Manager. 3. Verify patch installation with systeminfo or Get-HotFix PowerShell command.

🔧 Temporary Workarounds

Restrict COM Object Access

windows

Limit access to vulnerable COM objects via Component Services administrative tool

dcomcnfg.exe
Navigate to Component Services > Computers > My Computer > DCOM Config

Enable Exploit Protection

windows

Use Windows Defender Exploit Guard to mitigate memory corruption attacks

Set-ProcessMitigation -PolicyFilePath exploit_protection.xml

🧯 If You Can't Patch

  • Implement strict application control policies to prevent unauthorized code execution
  • Enforce principle of least privilege and use standard user accounts instead of administrative accounts

🔍 How to Verify

Check if Vulnerable:

Check system for missing security updates related to COM components; review Microsoft Security Update Guide for affected versions.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify KB patch is installed via 'systeminfo | findstr KB' or 'Get-HotFix -Id KBxxxxxxx' in PowerShell.

📡 Detection & Monitoring

Log Indicators:

  • Unusual COM object activation events in Windows Event Logs
  • Process creation from COM-related executables with suspicious parent processes

Network Indicators:

  • Lateral movement attempts following local exploitation
  • Command and control traffic from newly elevated processes

SIEM Query:

EventID=4688 AND (NewProcessName="*\cmd.exe" OR NewProcessName="*\powershell.exe") AND ParentProcessName="*\dllhost.exe"

📊 Metadata

CVE ID: CVE-2025-58730
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
EPSS Score: 0.13% exploit probability (32.4th percentile)
Published: October 14, 2025
Last Updated: October 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-58730, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)