Cyber Resilience

CVE-2025-49740

Severity: High
Published: 08 July 2025
Modified: 17 July 2025
KEV Added: not listed
Patch: available (see MSRC advisory)
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0115 (79.0th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-49740 is a high-severity Protection Mechanism Failure (CWE-693) in Windows SmartScreen. The affected configurations span Windows 10 1507 through Windows 11 24H2 and Windows Server 2016 and 2019, among others (see Affected Assets). Its CVSS 3.1 base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Mark-of-the-Web Bypass (T1553.005). Its EPSS score places it in the top 21.0% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The mitigations our analysis weights most heavily are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation): in practice, find the unpatched builds and apply the vendor patch referenced in the MSRC advisory.

Deeper analysis

Protection mechanism failure in Windows SmartScreen permits an unauthorized attacker to bypass a security feature over a network. The vulnerability is tracked as CVE-2025-49740 with a CVSS 3.1 base score of 8.8 and is associated with CWE-693. It affects the SmartScreen component in Windows.

An unauthenticated attacker can exploit the flaw remotely by delivering content that triggers the bypass, provided the victim performs the required user interaction (UI:R), typically opening the delivered file. SmartScreen's reputation check is what would otherwise warn on or block an untrusted download, so a successful bypass lets that content run without the warning; the CVSS vector rates the resulting impact on confidentiality, integrity, and availability as high.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49740 supplies official mitigation guidance and patch information. The associated EPSS score remains flat at 0.0115 with no material increase observed after disclosure.

Vulnerability details

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

CWE(s)

CWE-693 Protection Mechanism Failure

Related Threats

MITRE ATT&CK Enterprise Techniques

T1553.005 Mark-of-the-Web Bypass (Defense Impairment)
Adversaries may abuse specific file formats to subvert Mark-of-the-Web (MOTW) controls.
Why these techniques?

Direct SmartScreen/MOTW bypass via protection mechanism failure enables T1553.005.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
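The following PowerShell is an added example, not code from the original page or from Microsoft. It shows the mechanism T1553.005 subverts: SmartScreen only evaluates a file that carries a Mark-of-the-Web, which on NTFS is stored as the Zone.Identifier alternate data stream. The script stamps a constructed sample file with an Internet-zone MOTW the way a browser download would, reads the zone back, shows that Unblock-File removes it, sweeps a folder for files that still carry the mark, and reads the SmartScreen policy values from the registry so an administrator can confirm the feature is enforced while the patch is rolled out. The file name and referrer URL are constructed; the registry paths are the standard SmartScreen policy locations.

```powershell
# Added example for CVE-2025-49740 (not from the original page or Microsoft).
# Demonstrates the Mark-of-the-Web (MOTW) that SmartScreen keys off and
# audits the host's SmartScreen policy. Needs an NTFS volume for the
# alternate-data-stream (ADS) part.

function Get-MotwZone {
    # Returns the ZoneId from a file's Zone.Identifier stream, or $null when
    # the file carries no MOTW. Zone 3 (Internet) and 4 (Restricted) are the
    # values that cause SmartScreen to evaluate the file on open.
    param([Parameter(Mandatory)][string]$Path)
    try {
        $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction Stop
    } catch {
        return $null   # no Zone.Identifier stream: the file is not marked
    }
    foreach ($line in $ads) {
        if ($line -match '^ZoneId=(\d+)\s*$') { return [int]$Matches[1] }
    }
    return $null
}

function New-MarkedFile {
    # Constructed sample: writes a file and stamps it with an Internet-zone
    # MOTW, the same stream a browser writes on download.
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$ZoneId = 3,
        [string]$ReferrerUrl = 'https://example.invalid/download'   # constructed URL
    )
    Set-Content -LiteralPath $Path -Value 'demo content' -NoNewline
    $motw = "[ZoneTransfer]`r`nZoneId=$ZoneId`r`nReferrerUrl=$ReferrerUrl`r`n"
    Set-Content -LiteralPath $Path -Stream Zone.Identifier -Value $motw -NoNewline
}

function Find-MarkedFiles {
    # Hunting helper: lists files under $Root that still carry an Internet- or
    # Restricted-zone MOTW. Files from the same download that lack the stream
    # (for example after extraction by a tool that drops it) are the ones to
    # examine when investigating a suspected T1553.005 bypass.
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -LiteralPath $Root -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $zone = Get-MotwZone -Path $_.FullName
            if ($zone -in 3, 4) {
                [pscustomobject]@{ Path = $_.FullName; ZoneId = $zone; LastWrite = $_.LastWriteTime }
            }
        }
}

function Get-SmartScreenState {
    # Policy values (written by the "Configure Windows Defender SmartScreen"
    # GPO) take precedence over the per-machine Explorer setting when present.
    $policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
    $p = Get-ItemProperty -Path $policy   -ErrorAction SilentlyContinue
    $e = Get-ItemProperty -Path $explorer -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PolicyEnableSmartScreen     = $p.EnableSmartScreen       # 1 = enforced by policy
        PolicyShellSmartScreenLevel = $p.ShellSmartScreenLevel   # 'Block' or 'Warn'
        ExplorerSmartScreenEnabled  = $e.SmartScreenEnabled      # legacy per-machine value
    }
}

# Walkthrough on a constructed file in %TEMP%.
$sample = Join-Path $env:TEMP 'cve-2025-49740-motw-demo.txt'
New-MarkedFile -Path $sample
"Zone after download-style write: $(Get-MotwZone -Path $sample)"   # Internet zone: SmartScreen would evaluate it
Unblock-File -LiteralPath $sample                                   # strips the Zone.Identifier stream
"Zone after Unblock-File:         $(Get-MotwZone -Path $sample)"   # no zone: SmartScreen is no longer consulted
Remove-Item -LiteralPath $sample

# Policy audit and a sweep of the user's Downloads folder.
Get-SmartScreenState | Format-List
Find-MarkedFiles -Root (Join-Path $env:USERPROFILE 'Downloads') | Format-Table -AutoSize
```

Run it in an elevated or standard PowerShell session on the host being assessed. A missing Zone.Identifier on a file the user says they downloaded, or an empty policy block with the Explorer value set to Off, is the condition under which this CVE's bypass matters least and most respectively: in the first case SmartScreen was never in the path, in the second it was disabled outright rather than bypassed.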

CVEs Like This One

CVE-2025-24061 · same product: Microsoft Windows 10 1507
CVE-2026-32225 · same product: Microsoft Windows 10 1607
CVE-2026-21510 · same product: Microsoft Windows 10 1607
CVE-2026-21513 · same product: Microsoft Windows 10 1607
CVE-2026-32202 · same product: Microsoft Windows 10 1607
CVE-2025-21276 · same product: Microsoft Windows 10 1507
CVE-2025-21248 · same product: Microsoft Windows 10 1507
CVE-2025-21358 · same product: Microsoft Windows 10 1507
CVE-2025-21241 · same product: Microsoft Windows 10 1507
CVE-2025-21299 · same product: Microsoft Windows 10 1507

Affected Assets

Vendor      Product               Affected build (≤)
microsoft   windows 10 1507       10.0.10240.21073
microsoft   windows 10 1607       10.0.14393.8246
microsoft   windows 10 1809       10.0.17763.7558
microsoft   windows 10 21h2       10.0.19044.6093
microsoft   windows 10 22h2       10.0.19045.6093
microsoft   windows 11 22h2       10.0.22621.5624
microsoft   windows 11 23h2       10.0.22631.5624
microsoft   windows 11 24h2       10.0.26100.4652
microsoft   windows server 2016   10.0.14393.8246
microsoft   windows server 2019   10.0.17763.7558
+3 more product configuration(s) — see NVD for full list
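The following PowerShell is an added example, not code from the original page or from Microsoft. It turns the Affected Assets table above into a host check: it reads the full OS build (CurrentBuild plus UBR) from the registry and compares it with the ceiling listed for that Windows release. The ceilings are copied from the table and treated, as the page states them, as inclusive (≤), so a build equal to the listed value is reported as affected; confirm the exact boundary against the MSRC advisory before acting on an "affected" result. Releases the page lists only under "+3 more" (for example a build number not in the table) are reported as NotInTable rather than guessed. The sample builds passed to the demo loop are constructed.

```powershell
# Added example for CVE-2025-49740 (not from the original page or Microsoft).
# Compares the host's OS build with the affected-build ceilings from the
# Affected Assets table. The page gives the ceilings as inclusive (<=), so a
# build equal to the listed value is reported as affected here; verify the
# boundary against the MSRC advisory before acting on the result.

# Keyed by the build number (third component), which identifies the Windows
# release; the revision (fourth component, UBR) is what cumulative updates bump.
$AffectedCeilings = @{
    10240 = [version]'10.0.10240.21073'   # Windows 10 1507
    14393 = [version]'10.0.14393.8246'    # Windows 10 1607 / Windows Server 2016
    17763 = [version]'10.0.17763.7558'    # Windows 10 1809 / Windows Server 2019
    19044 = [version]'10.0.19044.6093'    # Windows 10 21H2
    19045 = [version]'10.0.19045.6093'    # Windows 10 22H2
    22621 = [version]'10.0.22621.5624'    # Windows 11 22H2
    22631 = [version]'10.0.22631.5624'    # Windows 11 23H2
    26100 = [version]'10.0.26100.4652'    # Windows 11 24H2
}

function Get-OsBuildVersion {
    # CurrentBuild + UBR from the registry is more precise than
    # [Environment]::OSVersion, which omits the revision.
    $nt = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]"10.0.$($nt.CurrentBuild).$($nt.UBR)"
}

function Test-Cve202549740Affected {
    param([Parameter(Mandatory)][version]$Build)
    $ceiling = $AffectedCeilings[$Build.Build]
    if (-not $ceiling) {
        $status = 'NotInTable'   # release not in this page's table: check NVD
    }
    elseif ($Build -le $ceiling) {
        $status = 'Affected'     # at or below the listed ceiling
    }
    else {
        $status = 'Patched'      # revision newer than the ceiling
    }
    [pscustomobject]@{ Build = $Build; Ceiling = $ceiling; Status = $status }
}

# Constructed builds exercising the three outcomes (not real hosts):
foreach ($b in '10.0.19045.6093', '10.0.19045.6094', '10.0.20348.1') {
    Test-Cve202549740Affected -Build ([version]$b)
}

# Live check on this host (Windows only).
Test-Cve202549740Affected -Build (Get-OsBuildVersion)
```

For an RA-5 style sweep, wrap the live check in Invoke-Command against the fleet and collect the objects; hosts reporting NotInTable still need a manual look at the NVD configuration list, since a Windows Server build that shares a build number with a client release (Windows Server 2016 with 14393, Windows Server 2019 with 17763) is covered by the table but others may not be.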

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly remediates the protection mechanism failure in Windows SmartScreen by requiring timely application of the vendor patch for this specific CVE.

RA-5 Vulnerability Monitoring and Scanning (detect)

Enables proactive identification of hosts still on an affected build through regular vulnerability scanning, so the patch can be deployed before exploitation.

SI-3 Malicious Code Protection (prevent, detect)

Provides layered malicious code protection that can detect and block the delivered payload even if SmartScreen is bypassed, reducing the impact on confidentiality, integrity, and availability.
