PT-2025-28631 · Microsoft · Windows Storage +1

Ron Ben Yizhak +1 · Published 2025-07-08 · Updated 2025-10-08 · CVE-2025-49760

CVSS v2.0: 4.0
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Windows versions prior to July 2025
Description

A flaw exists in Windows related to the external control of file names or paths within Windows Storage. This issue allows an attacker to perform spoofing attacks over a network. The vulnerability, known as EPM Poisoning (CVE-2025-49760), impacts the core RPC system and can allow attackers to impersonate trusted services, including potentially hijacking DNS and even spoofing Windows Defender’s ID. Successful exploitation could lead to full Active Directory compromise and the theft of machine credentials. The vulnerability allows a local unprivileged attacker to manipulate the Windows Storage Service and extract the local machine's NTLM credentials.
Recommendations

Update Windows to the July 2025 version or later to address this vulnerability.

Fix

LPE

Weakness Enumeration

Related Identifiers

BDU:2025-08307
CVE-2025-49760

Affected Products

Windows
Windows Storage