Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data

Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Service that could allow threat actors to access sensitive information on compromised systems.

The flaw, identified as CVE-2025-62468, was disclosed as part of the company’s December 2025 security updates.

This information disclosure vulnerability poses a risk to organizations that rely on standard Windows security configurations, prompting administrators to prioritize immediate patch management.

| Metric | Detail |
| --- | --- |
| CVE ID | CVE-2025-62468 |
| Vulnerability Name | Windows Defender Firewall Service Information Disclosure Vulnerability |
| Release Date | Dec 9, 2025 |
| CVSS Score | 4.4 (Medium) |

Technical Analysis of the Flaw

The vulnerability is rooted in an “Out-of-bounds Read” weakness, technically classified as CWE-125.

This type of memory corruption error occurs when a program reads data beyond the intended buffer’s end (or before its beginning).

In the context of the Windows Defender Firewall, this flaw allows the service to read memory locations that should be restricted.

If an attacker successfully exploits this vulnerability, they can potentially view sensitive data residing in the process memory that was not intended to be accessible.

However, the exploitation path has specific constraints that reduce the immediate likelihood of widespread automated attacks.

According to the CVSS metrics provided by Microsoft, the attack vector is “Local,” meaning a threat actor must already have access to the target machine. Furthermore, the vulnerability requires “High” privileges to exploit.

This suggests that an attacker would likely need to have already compromised the system to some degree or possess administrative credentials to trigger the flaw and read the protected memory.

Microsoft has rated the severity of this issue as “Important” rather than “Critical,” mainly because of the high privilege requirements.

The Common Vulnerability Scoring System (CVSS) assigns it a base score of 4.4. Despite the lower score, the impact on confidentiality is rated as “High,” meaning the data obtained could be significant.

There is no requirement for user interaction, which means the exploit can run in the background once the attacker has established the necessary access.

Security teams are advised to review the vulnerability details above and apply the December 9, 2025, security updates to all affected Windows endpoints.

Ensuring that the Windows Defender Firewall service is up to date mitigates the risk of attackers exploiting this memory corruption bug to harvest sensitive system information.
