CVE-2025-49723
Published: 08 July 2025
Summary
CVE-2025-49723 is a high-severity Missing Authorization (CWE-862) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 38.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates enforcement of approved authorizations for access to system resources, addressing the core missing authorization vulnerability in the Windows StateRepository API.
Enforces least privilege to restrict low-privilege local attackers from performing high-impact tampering actions enabled by the API flaw.
Requires a tamperproof reference monitor to enforce access control policies, mitigating unauthorized tampering through the vulnerable StateRepository API.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authorization in Windows StateRepository API enables low-privileged local tampering and system state modification, directly facilitating exploitation for privilege escalation.
NVD Description
Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.
Deeper analysisAI
CVE-2025-49723 is a missing authorization vulnerability, classified under CWE-862, in the Windows StateRepository API. This issue affects Microsoft Windows systems and was published on 2025-07-08 with a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.
The vulnerability enables a local authorized attacker with low privileges to perform tampering. Exploitation requires local access, low attack complexity, and no user interaction, but achieves a changed scope that amplifies impacts to high levels, allowing the attacker to read sensitive data, modify system state, and potentially disrupt availability.
Mitigation guidance is available in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49723.
Details
- CWE(s)