CVE-2025-49722: 
vulnerability analysis and mitigation

A Windows Print Spooler vulnerability (CVE-2025-49722) was discovered and disclosed on July 8, 2025. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows Server 2008 through Windows Server 2025, and Windows 10 through Windows 11 versions. This security flaw involves uncontrolled resource consumption in Windows Print Spooler Components (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 5.7 (Medium) with the vector string CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. It is classified under CWE-400 (Uncontrolled Resource Consumption). The vulnerability requires an adjacent network attack vector and low privileges for exploitation, with no user interaction required (NVD).

When successfully exploited, this vulnerability allows an authorized attacker to perform a denial of service attack over an adjacent network, potentially disrupting the availability of printing services in affected Windows systems (NVD, Rapid7).

Microsoft has released security updates to address this vulnerability across multiple affected versions. Security patches are available through various KB articles including KB5062552 through KB5062597 for different Windows versions and editions. Users are advised to apply these security updates to mitigate the vulnerability (Rapid7).