CVE-2025-41728

Name of the Vulnerable Software and Affected Versions Device Manager (affected versions not specified)

Description A remote attacker with limited privileges may be able to reveal confidential information from a privileged process's memory. This is achieved by sending specifically designed requests to the Device Manager web service, which triggers an out-of-bounds read operation under specific conditions related to Address Space Layout Randomization (ASLR). This operation could potentially copy sensitive data into a response.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.