Cyber Posture

CVE-2025-49740

High

Published: 08 July 2025

Modified: 17 July 2025
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0100 (77.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-49740 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Mark-of-the-Web Bypass (T1553.005). The CVE ranks in the top 22.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Mark-of-the-Web Bypass (T1553.005).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly remediates the protection mechanism failure in Windows SmartScreen by requiring timely application of vendor patches for this specific CVE.

detect

Enables proactive identification of the Windows SmartScreen vulnerability through regular vulnerability scanning, facilitating patch deployment before exploitation.

prevent · detect

Provides layered malicious code protection mechanisms that detect and block exploits even if SmartScreen is bypassed, reducing impact on confidentiality, integrity, and availability.

MITRE ATT&CK Enterprise Techniques · AI

T1553.005 · Mark-of-the-Web Bypass · Defense Impairment
Adversaries may abuse specific file formats to subvert Mark-of-the-Web (MOTW) controls.
Why these techniques?

Direct SmartScreen/MOTW bypass via protection mechanism failure enables T1553.005.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Deeper analysis · AI

CVE-2025-49740 is a protection mechanism failure in Windows SmartScreen that allows an unauthorized attacker to bypass a security feature over a network. This vulnerability affects the Windows SmartScreen component and was published on 2025-07-08 with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). It is associated with CWE-693 (Protection Mechanism Failure).

The vulnerability can be exploited by an unauthorized attacker with network access, requiring low attack complexity and no privileges, though user interaction is necessary. Successful exploitation enables the attacker to bypass Windows SmartScreen protections, potentially leading to high impacts on confidentiality, integrity, and availability.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49740 provides guidance on patches and mitigation steps.

Details

CWE(s): CWE-693 (Protection Mechanism Failure)

Affected Products

microsoft windows 10 1507: ≤ 10.0.10240.21073 · ≤ 10.0.10240.21073
microsoft windows 10 1607: ≤ 10.0.14393.8246 · ≤ 10.0.14393.8246
microsoft windows 10 1809: ≤ 10.0.17763.7558 · ≤ 10.0.17763.7558
microsoft windows 10 21h2: ≤ 10.0.19044.6093
microsoft windows 10 22h2: ≤ 10.0.19045.6093
microsoft windows 11 22h2: ≤ 10.0.22621.5624
microsoft windows 11 23h2: ≤ 10.0.22631.5624
microsoft windows 11 24h2: ≤ 10.0.26100.4652
microsoft windows server 2016: ≤ 10.0.14393.8246
microsoft windows server 2019: ≤ 10.0.17763.7558
+3 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2025-24061 · Same product: Microsoft Windows 10 1507
CVE-2026-32225 · Same product: Microsoft Windows 10 1607
CVE-2026-21510 · Same product: Microsoft Windows 10 1607
CVE-2026-21513 · Same product: Microsoft Windows 10 1607
CVE-2026-32202 · Same product: Microsoft Windows 10 1607
CVE-2025-21276 · Same product: Microsoft Windows 10 1507
CVE-2025-21239 · Same product: Microsoft Windows 10 1507
CVE-2025-21358 · Same product: Microsoft Windows 10 1507
CVE-2025-21299 · Same product: Microsoft Windows 10 1507
CVE-2025-21391 · Same product: Microsoft Windows 10 1507
