CVE-2025-62456
Published: 09 December 2025
Summary
CVE-2025-62456 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 11 23H2. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 22.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates identification, reporting, and timely remediation of flaws like the heap-based buffer overflow in Windows ReFS via patching.
Implements memory protection mechanisms such as DEP and ASLR that directly mitigate exploitation of heap-based buffer overflows.
Requires validation of information inputs to ReFS over the network to prevent buffer overflows from malformed file system operations.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Heap-based buffer overflow in ReFS allows low-privileged remote authenticated attacker to achieve arbitrary code execution, directly mapping to Exploitation for Privilege Escalation (T1068) and Exploitation of Remote Services (T1210).
NVD Description
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
Deeper analysisAI
CVE-2025-62456 is a heap-based buffer overflow vulnerability, classified under CWE-122, affecting the Windows Resilient File System (ReFS). This flaw resides in a core component of Windows systems that support ReFS, a Microsoft file system designed for resilience and scalability. The vulnerability was published on 2025-12-09 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting its high severity due to network accessibility and significant impact potential.
An authorized attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables arbitrary code execution, granting high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U).
The Microsoft Security Response Center provides an update guide for CVE-2025-62456 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62456, which addresses mitigation and patching details.
Details
- CWE(s)