CVE-2025-49723
Published: 08 July 2025
Summary
CVE-2025-49723 is a high-severity Missing Authorization (CWE-862) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 32.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2025-49723 is a missing authorization vulnerability, classified under CWE-862, in the Windows StateRepository API. This issue affects Microsoft Windows systems and was published on 2025-07-08 with a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.
The vulnerability enables a local authorized attacker with low privileges to perform tampering. Exploitation requires local access, low attack complexity, and no user interaction, but achieves a changed scope that amplifies impacts to high levels, allowing the attacker to read sensitive data, modify system state, and potentially disrupt availability.
Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49723.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20623
Vulnerability details
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authorization in Windows StateRepository API enables low-privileged local tampering and system state modification, directly facilitating exploitation for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mandates enforcement of approved authorizations for access to system resources, addressing the core missing authorization vulnerability in the Windows StateRepository API.
Enforces least privilege to restrict low-privilege local attackers from performing high-impact tampering actions enabled by the API flaw.
Requires a tamperproof reference monitor to enforce access control policies, mitigating unauthorized tampering through the vulnerable StateRepository API.