Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data


A critical information disclosure vulnerability in Windows Defender Firewall Service could allow authorized attackers to access sensitive heap memory on affected systems.

The vulnerability, tracked as CVE-2025-62468, was assigned an Important severity rating and released on December 9, 2025.

The flaw stems from an out-of-bounds read condition in the Windows Defender Firewall Service component.

According to Microsoft’s security advisory, an authorized attacker with high-level privileges can exploit this vulnerability to read portions of heap memory without user interaction.

The vulnerability impacts the confidentiality of stored information but does not affect system integrity or availability. The vulnerability carries a CVSS v3.1 base score of 4.4.

| CVE ID | CNA | Impact | CVSS Score |
|---|---|---|---|
| CVE-2025-62468 | Microsoft | Information Disclosure | 4.4 |

The vulnerability is classified with the following characteristics: local attack vector, low attack complexity, high privileges required, and no user interaction needed.


Microsoft assessed the likelihood of exploitation as unlikely, with no public exploit code or active exploitation reported at the time of disclosure.

Microsoft released security updates addressing CVE-2025-62468 across multiple Windows platforms.

Affected Products 

| Product | KB Article | Build Numbers |
|---|---|---|
| Windows Server 2025 | KB5072033, KB5072014 | 10.0.26100.7462 / 10.0.26100.7392 |
| Windows 11 Version 24H2 (x64) | KB5072033, KB5072014 | 10.0.26100.7462 / 10.0.26100.7392 |
| Windows 11 Version 24H2 (ARM64) | KB5072033, KB5072014 | 10.0.26100.7462 / 10.0.26100.7392 |
| Windows Server 2022 23H2 (Server Core) | KB5071542 | 10.0.25398.2025 |
| Windows 11 Version 23H2 (x64) | KB5071417 | 10.0.22631.6345 |
| Windows 11 Version 23H2 (ARM64) | KB5071417 | 10.0.22631.6345 |
| Windows 11 Version 25H2 (x64) | KB5072033, KB5072014 | 10.0.26200.7462 / 10.0.26200.7392 |
| Windows 11 Version 25H2 (ARM64) | KB5072033, KB5072014 | 10.0.26200.7462 / 10.0.26200.7392 |

The patches are available for Windows Server 2025, Windows Server 2022, Windows 11 Version 24H2, Windows 11 Version 25H2, and Windows 11 Version 23H2 on both x64 and ARM64-based systems.

Organizations can obtain the necessary patches through Microsoft Update or the Microsoft Update Catalog. Windows Server 2025 and recent Windows 11 versions received two types of updates, standard security updates and security hotpatch updates, allowing flexibility in deployment strategies.

Administrators should promptly apply security updates to mitigate exposure risks.
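To confirm the updates have landed across a fleet, build numbers from an asset inventory can be compared against the fixed builds in the table above. The following Python script is an added example, not Microsoft's or this article's own tooling; the hostnames, the inventory format and the status names are assumptions, and the sample inventory is constructed.

```python
import re

# Fixed builds copied from the article's Affected Products table, keyed by the
# third field of the build number. Two entries mean the table lists both a
# hotpatch build and a standard update build for that branch.
FIXED_BUILDS = {
    26100: (7392, 7462),   # Windows Server 2025, Windows 11 24H2
    26200: (7392, 7462),   # Windows 11 25H2
    25398: (2025,),        # Windows Server 2022 23H2 (Server Core)
    22631: (6345,),        # Windows 11 23H2
}
BUILD_RE = re.compile(r"^10\.0\.(\d+)\.(\d+)$")


def classify(build):
    """Return PATCHED, VULNERABLE, REVIEW or UNKNOWN for one build string."""
    m = BUILD_RE.match(build.strip())
    if not m:
        return "UNKNOWN"                      # malformed inventory value
    branch, revision = int(m.group(1)), int(m.group(2))
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "UNKNOWN"                      # branch not covered by the table
    if revision in fixed or revision >= max(fixed):
        return "PATCHED"
    if revision < min(fixed):
        return "VULNERABLE"
    # Between the hotpatch and standard builds: the number alone does not say
    # which servicing track the host is on, so check the installed KB by hand.
    return "REVIEW"


def triage(inventory):
    """Map {hostname: build string} to {status: sorted list of hostnames}."""
    report = {}
    for host, build in inventory.items():
        report.setdefault(classify(build), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory; hostnames and the non-table builds are made up.
SAMPLE = {
    "srv-a": "10.0.26100.7462",
    "srv-b": "10.0.26100.7392",
    "wks-c": "10.0.22631.6199",
    "wks-d": "10.0.26200.7400",
    "wks-e": "10.0.19045.6000",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts)}")
```

Hosts reported as REVIEW or UNKNOWN need a manual check of the installed KB, since a build number between the two listed builds does not identify the servicing track.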

The vulnerability requires high-level privileges to exploit, which limits the immediate threat scope, but it underscores the importance of restricting administrative access and monitoring privileged user activities.

The out-of-bounds read weakness (CWE-125) allows attackers to access memory regions beyond intended boundaries. Successfully exploiting this vulnerability requires membership in specific user groups with elevated permissions, making this a targeted threat, primarily affecting organizations with strict access controls and privileged-user monitoring protocols.

Security researchers from Kunlun Lab deserve credit for responsibly disclosing this vulnerability to Microsoft through coordinated disclosure channels.
