CVE-2025-29956: Windows SMB Information Disclosure Vulnerability

Overview

Severity: Medium (CVSS 5.4)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
Category: Information Disclosure
Exploit Status: Not Exploited
Exploitation Likelihood: Unlikely
Patch Tuesday: 2025-May
Released: 2025-05-13
EPSS Score: 0.37% (percentile: 59.1%)

Description

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.

FAQ

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? The attack requires to trick a user to open an SMB share folder that is hosted on the attacker-controlled system. Windows Explorer has to automatically register for directory change notification after opening the share folder. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. How could an attacker exploit the vulnerability? To successfully exploit the vulnerability, an attacker would need to direct a user to connect to the malicious SMB server to retrieve some data as part of an OS API call. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? For this vulnerability, it is out of attacker's control to trigger the OOB read buffer to be sent back to the attacker-controlled system. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), no loss of integrity (I:N), and some loss of availability (A:L). What does that mean for this vulnerability? There is a high likelihood that the Out-Of-Bounds (OOB) read data results in a crash in Windows Explorer. Every time the SMB client sends the OOB read data to the remote SMB server and a crash does not occur, it would contain several bytes of random user mode heap memory.

Affected Products (37)

Windows

Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2025 (Server Core installation)
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 24H2 for x64-based Systems
Windows Server 2025
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)

ESU

Windows 11 Version 22H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)

CVE-2025-29956: Windows SMB Information Disclosure Vulnerability

Overview

Description

FAQ

Affected Products (37)

Windows

ESU

Security Updates (16)

Acknowledgments

Revision History