CVE-2025-48808: 
vulnerability analysis and mitigation

A Windows Kernel vulnerability identified as CVE-2025-48808 was discovered and disclosed on July 8, 2025. This security flaw involves the exposure of sensitive information to unauthorized actors, specifically affecting the Windows Kernel component. The vulnerability allows an authorized attacker to disclose information locally (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. It is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability affects multiple versions of Windows operating systems, including Windows Server 2008, 2012, 2016, 2019, 2022, Windows 10, and Windows 11 versions (NVD).

The vulnerability primarily impacts the confidentiality of the affected systems, with no direct effect on integrity or availability. When exploited, it allows authorized attackers to access sensitive information locally, potentially compromising system security (NVD).

Microsoft has identified the affected systems and versions, including specific version numbers up to (excluding) various builds such as 10.0.26100.4652 for Windows Server 2025 and other affected Windows versions. Users should update their systems to the latest available patches (NVD).