CVE-2025-27741
Published: 08 April 2025
Summary
CVE-2025-27741 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the NTFS component of Microsoft Windows, recorded here against Windows Server 2008. Its CVSS 3.1 base score is 7.8 (High).
Operationally, its EPSS score places it in the top 17.7% of CVEs by predicted exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2025-27741 is an out-of-bounds read, tracked under CWE-125, in the NTFS component of Windows. It carries a CVSS 3.1 base score of 7.8. The flaw lets the NTFS driver read kernel memory beyond the intended bounds of an on-disk structure it is parsing. An out-of-bounds read on its own discloses memory rather than corrupting it; what makes this one an elevation-of-privilege issue is that the leaked contents of sensitive kernel data structures give a local attacker the foothold for the privilege escalation the advisory describes.
Exploitation requires user interaction (UI:R in the CVSS vector): an attacker who holds no credentials on the target (PR:N) supplies a crafted file or disk image, and a local user must open or mount it so that NTFS parses the attacker-controlled on-disk structures. Successful exploitation yields local elevation of privilege with high impact to confidentiality, integrity, and availability.
Microsoft's MSRC advisory for CVE-2025-27741 (Security Update Guide) provides the remediation, the April 2025 security update. The EPSS score is 0.0162, roughly a 1.6% estimated probability of exploitation activity in the next 30 days, which is low and consistent with the CVE's absence from the CISA KEV catalog.
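The bug class described above, as an added example that is neither Microsoft's code nor the actual NTFS defect: a hypothetical attribute-record parser that trusts a length field read from an attacker-controlled disk image, shown beside the bounds-checked form. The record layout, the constants (`HDR_SIZE`, `REC_SIZE`, `SECRET_SIZE`) and the "adjacent memory" region after the record are all constructed for the illustration; the real NTFS attribute format is more involved.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical on-disk attribute header: a type tag followed by a length that
 * covers header and payload. Simplified for the example, not the real NTFS
 * attribute record layout. */
#define HDR_SIZE    8u
#define REC_SIZE    64u          /* bytes the parser legitimately owns        */
#define SECRET_SIZE 32u          /* stand-in for adjacent kernel memory       */
#define IMG_SIZE    (REC_SIZE + SECRET_SIZE)

/* Vulnerable pattern (CWE-125): the length comes straight from the
 * attacker-controlled image and is only clamped to the destination size, so
 * the copy reads past the end of the record it was handed. */
size_t read_attr_unchecked(const uint8_t *rec, size_t rec_len,
                           uint8_t *out, size_t out_cap)
{
    uint32_t len;
    (void)rec_len;                         /* never consulted: this is the bug */
    memcpy(&len, rec + 4, sizeof len);
    if (len > out_cap)
        len = (uint32_t)out_cap;           /* protects the destination only   */
    memcpy(out, rec, len);                 /* over-reads the source            */
    return len;
}

/* Hardened form: every byte the length field asks for must lie inside the
 * record the caller actually owns and inside the destination buffer. */
long read_attr_checked(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    uint32_t len;
    if (rec_len < HDR_SIZE)
        return -1;                         /* reading the header would over-read */
    memcpy(&len, rec + 4, sizeof len);
    if (len < HDR_SIZE || len > rec_len || len > out_cap)
        return -1;                         /* reject before touching memory   */
    memcpy(out, rec, len);
    return (long)len;
}

/* Constructed image: a 64-byte record whose length field the attacker picks,
 * followed by 32 bytes (0xC0, 0xC1, ...) that simulate neighbouring kernel
 * data the parser was never meant to return. */
void build_image(uint8_t img[IMG_SIZE], uint32_t claimed_len)
{
    uint32_t type = 0x80;                  /* arbitrary attribute type tag    */
    memset(img, 0x41, REC_SIZE);           /* payload filler                  */
    memcpy(img, &type, sizeof type);
    memcpy(img + 4, &claimed_len, sizeof claimed_len);
    for (size_t i = 0; i < SECRET_SIZE; i++)
        img[REC_SIZE + i] = (uint8_t)(0xC0 + i);
}

/* Bytes beyond the record that the unchecked parser hands back to its caller.
 * claimed_len is capped at IMG_SIZE so the over-read stays inside the
 * constructed array and the demonstration itself stays well-defined. */
size_t leaked_bytes(uint32_t claimed_len)
{
    uint8_t img[IMG_SIZE], out[IMG_SIZE];
    size_t n;
    if (claimed_len > IMG_SIZE)
        return 0;
    build_image(img, claimed_len);
    n = read_attr_unchecked(img, REC_SIZE, out, sizeof out);
    if (n <= REC_SIZE)
        return 0;
    /* confirm the surplus really is the adjacent "secret" region */
    return memcmp(out + REC_SIZE, img + REC_SIZE, n - REC_SIZE) == 0 ? n - REC_SIZE : 0;
}

/* Result of the hardened parser on the same image (-1 means rejected). */
long checked_result(uint32_t claimed_len)
{
    uint8_t img[IMG_SIZE], out[IMG_SIZE];
    build_image(img, claimed_len);
    return read_attr_checked(img, REC_SIZE, out, sizeof out);
}

int main(void)
{
    printf("unchecked parser, length=96: %zu bytes of adjacent memory leaked\n",
           leaked_bytes(IMG_SIZE));
    printf("checked parser,   length=96: %ld\n", checked_result(IMG_SIZE));
    printf("checked parser,   length=24: %ld\n", checked_result(24));
    return 0;
}
```

The unchecked parser clamps only against the destination, which is why the attacker gets the 32 "secret" bytes back without any crash; in a kernel driver that surplus is exactly the disclosure the advisory warns about. The checked variant validates the length against both the bytes actually owned and the destination before any copy, and rejects a length smaller than the header so later offset arithmetic cannot wrap.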
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-10141
Vulnerability details
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
- CWE(s): CWE-125 (Out-of-bounds Read)
Related Threats
No named actor attribution at the time of writing; no ATT&CK technique mapping is available for this CVE yet.
Affected Assets
- Microsoft Windows Server 2008 (NTFS component)
Mitigating Controls
- Apply the Microsoft security update referenced in the MSRC advisory for CVE-2025-27741.
- Until patched, treat attacker-supplied files and disk images as the vector: exploitation requires a local user to open or mount crafted content, so restrict mounting of untrusted disk images on affected hosts.