CVE-2025-49740
Published: 08 July 2025
Summary
CVE-2025-49740 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Mark-of-the-Web Bypass (T1553.005). The CVE ranks in the top 21.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
Protection mechanism failure in Windows SmartScreen permits an unauthorized attacker to bypass a security feature over a network. The vulnerability is tracked as CVE-2025-49740 with a CVSS 3.1 base score of 8.8 and is associated with CWE-693. It affects the SmartScreen component in Windows.
An attacker with no privileges can exploit the flaw remotely by delivering content that triggers the bypass, provided the victim performs a required user interaction. Successful exploitation can result in high impact to confidentiality, integrity, and availability on the target system.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49740 supplies official mitigation guidance and patch information. The associated EPSS score remains flat at 0.0115 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20537
Vulnerability details
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct SmartScreen/MOTW bypass via protection mechanism failure enables T1553.005.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the protection mechanism failure in Windows SmartScreen by requiring timely application of vendor patches for this specific CVE.
- RA-5 (Vulnerability Monitoring and Scanning): enables proactive identification of the Windows SmartScreen vulnerability through regular vulnerability scanning, facilitating patch deployment before exploitation.
- SI-3 (Malicious Code Protection): provides layered malicious code protection mechanisms that detect and block exploits even if SmartScreen is bypassed, reducing impact on confidentiality, integrity, and availability.