CVE-2025-62456
Published: 09 December 2025
Summary
CVE-2025-62456 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 11 23H2. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 25.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-62456 is a heap-based buffer overflow vulnerability, classified under CWE-122, affecting the Windows Resilient File System (ReFS). This flaw resides in a core component of Windows systems that support ReFS, a Microsoft file system designed for resilience and scalability. The vulnerability was published on 2025-12-09 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting its high severity due to network accessibility and significant impact potential.
An authorized attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables arbitrary code execution, granting high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U).
The Microsoft Security Response Center provides an update guide for CVE-2025-62456 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62456, which addresses mitigation and patching details.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-202254
Vulnerability details
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The heap-based buffer overflow in ReFS allows a low-privileged, remote, authenticated attacker to achieve arbitrary code execution, which maps directly to Exploitation for Privilege Escalation (T1068) and Exploitation of Remote Services (T1210).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mandates identification, reporting, and timely remediation of flaws such as the heap-based buffer overflow in Windows ReFS via patching.
- SI-16 (Memory Protection): implements memory protection mechanisms such as DEP and ASLR that directly mitigate exploitation of heap-based buffer overflows.
- SI-10 (Information Input Validation): requires validation of information inputs reaching ReFS over the network to prevent buffer overflows from malformed file system operations.