Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-49658
CVE-2025-49658:
vulnerability analysis and mitigation
Overview
Out-of-bounds read vulnerability in Windows TDX.sys was discovered and assigned CVE-2025-49658. The vulnerability was reported on July 8, 2025, and affects various Microsoft Windows Server versions. This security flaw allows an authorized attacker to disclose information locally (NVD, CVE Mitre).
Technical details
The vulnerability is classified as CWE-125 (Out-of-bounds Read) with a CVSS v3.1 Base Score of 5.5 (Medium). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), with high confidentiality impact (C:H), but no impact on integrity (I:N) or availability (A:N) (NVD).
Impact
The vulnerability allows an authorized attacker to disclose information locally through an out-of-bounds read in the Windows TDX.sys component. This could potentially lead to unauthorized access to sensitive information (NVD).
Mitigation and workarounds
Microsoft has identified the vulnerability and provided information through their Security Update Guide. Affected systems include Windows Server 2008, 2012, and 2025 versions up to (excluding) 10.0.26100.4652 (NVD, Microsoft Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management