CVE-2025-49760: 
vulnerability analysis and mitigation

CVE-2025-49760 is a security vulnerability discovered in Windows Storage that was disclosed on July 8, 2025. The vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions. This vulnerability is related to external control of file name or path in Windows Storage, which could potentially allow an authorized attacker to perform spoofing over a network (NVD, CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score of 3.5 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The vulnerability is classified under CWE-73 (External Control of File Name or Path) (NVD).

The vulnerability primarily affects the confidentiality of the system with a low impact rating, while integrity and availability remain unaffected. The spoofing capability could potentially allow an authorized attacker to manipulate file paths or names over a network connection (NVD).

Microsoft has released security updates to address this vulnerability across multiple Windows versions. The fixes are available through various KB updates including KB5062552 for Windows 11 22H2/23H2, KB5062553 for Windows 11 24H2, KB5062554 for Windows 10 21H2/22H2, and several other versions of Windows Server (Rapid7).