Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data

A recently identified vulnerability within the Windows Defender Firewall Service has raised concerns regarding information security. This flaw, designated as CVE-2025-62468, has been classified with an Important severity rating and was disclosed on December 9, 2025.

Details of the Vulnerability

The vulnerability arises from an out-of-bounds read condition in the Windows Defender Firewall Service component. According to Microsoft’s security advisory, an authorized attacker with elevated privileges can exploit this flaw to access sensitive portions of heap memory without requiring user interaction. While the vulnerability poses a risk to the confidentiality of stored information, it does not compromise system integrity or availability. It carries a CVSS v3.1 base score of 4.4, indicating a moderate level of severity.

The characteristics of this vulnerability include:

  • Local attack vector
  • Low attack complexity
  • High privileges required
  • No user interaction needed

Microsoft has assessed the likelihood of exploitation as unlikely, noting that no public exploit code or active exploitation has been reported at the time of disclosure. In response, the company has released security updates to address CVE-2025-62468 across various Windows platforms.

Affected Products

The following products are impacted by this vulnerability:

| Product | KB Article | Build Numbers |
|---|---|---|
| Windows Server 2025 | KB5072033, KB5072014 | 10.0.26100.7462 / 10.0.26100.7392 |
| Windows 11 Version 24H2 (x64) | KB5072033, KB5072014 | 10.0.26100.7462 / 10.0.26100.7392 |
| Windows 11 Version 24H2 (ARM64) | KB5072033, KB5072014 | 10.0.26100.7462 / 10.0.26100.7392 |
| Windows Server 2022 23H2 (Server Core) | KB5071542 | 10.0.25398.2025 |
| Windows 11 Version 23H2 (x64) | KB5071417 | 10.0.22631.6345 |
| Windows 11 Version 23H2 (ARM64) | KB5071417 | 10.0.22631.6345 |
| Windows 11 Version 25H2 (x64) | KB5072033, KB5072014 | 10.0.26200.7462 / 10.0.26200.7392 |
| Windows 11 Version 25H2 (ARM64) | KB5072033, KB5072014 | 10.0.26200.7462 / 10.0.26200.7392 |

Organizations can access the necessary patches through Microsoft Update or the Microsoft Update Catalog. Notably, Windows Server 2025 and the latest Windows 11 versions have received both standard security updates and security hotpatch updates, providing flexibility in deployment strategies. Administrators are encouraged to apply these updates promptly to mitigate potential exposure risks.
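
To check a fleet against the builds in the table above, the following added example (not part of the original article or Microsoft's advisory) classifies OS build strings from an inventory export. The host names and inventory lines are constructed, and the script assumes that a revision at or above a listed build carries the fix.

```python
# Added example: classify inventory build strings against the table's fixed builds.
# Revisions are copied from the page; where it lists two builds for a family
# (standard update / hotpatch), both are kept.
FIXED_REVISIONS = {
    26100: (7392, 7462),  # Windows Server 2025, Windows 11 24H2
    26200: (7392, 7462),  # Windows 11 25H2
    25398: (2025,),       # Windows Server 2022 23H2 (Server Core)
    22631: (6345,),       # Windows 11 23H2
}

# Constructed sample inventory (hostname,OS version); not real hosts.
INVENTORY = """\
srv-01,10.0.26100.7462
srv-02,10.0.26100.7392
ws-17,10.0.22631.6199
core-03,10.0.25398.2025
ws-40,10.0.19045.6691
ws-41,unknown
"""

def parse_build(version):
    """Split '10.0.26100.7171' or '26100.7171' into (build, revision)."""
    parts = version.strip().split(".")
    if len(parts) == 4 and parts[:2] == ["10", "0"]:
        parts = parts[2:]
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised build string: {version!r}")
    return int(parts[0]), int(parts[1])

def classify(version):
    build, revision = parse_build(version)
    fixed = FIXED_REVISIONS.get(build)
    if fixed is None:
        return "not-listed"    # build family is not in the page's table
    if revision >= max(fixed):
        return "fixed"
    if revision >= min(fixed):
        return "review"        # at the lower listed build only: confirm update track
    return "needs-update"

def triage(inventory_text):
    """Map each host to a status; malformed version strings become 'unparsed'."""
    results = {}
    for line in filter(str.strip, inventory_text.splitlines()):
        host, _, version = line.partition(",")
        try:
            results[host.strip()] = classify(version)
        except ValueError:
            results[host.strip()] = "unparsed"
    return results
```

Hosts reported as "review" sit at the lower of the two builds the table lists for their family, so confirm which of the two listed KBs is installed before closing them out.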

While exploitation requires high privileges, which limits the immediate threat scope, the flaw highlights the importance of restricting administrative access and monitoring the activities of privileged users. The out-of-bounds read weakness (CWE-125) allows attackers to access memory regions beyond intended boundaries, making it a targeted threat primarily affecting organizations with stringent access controls and monitoring protocols.

Credit is due to security researchers from Kunlun Lab for responsibly disclosing this vulnerability to Microsoft through coordinated disclosure channels.
