Main Vulnerability Database Vulnerabilities #VU112508

Heap-based buffer overflow in Windows and Windows Server - CVE-2025-49721

Published: July 8, 2025

Vulnerability identifier: #VU112508

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-49721

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Windows Fast FAT File System Driver. A remote attacker can trick a victim into mounting a specially crafted VHD, trigger a heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2025-49721

Install update from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49721

Heap-based buffer overflow in Windows and Windows Server - CVE-2025-49721

Detailed vulnerability description

How to mitigate CVE-2025-49721

Sources

Please verify you're human