CVE-2025-29808

Windows Cryptographic Services Information Disclosure Vulnerability

CVSS 5.5 MEDIUM | EPSS 0.4% | CWE-1240

In short

A weakness in how Windows handles cryptographic operations allows an authorized user on a computer to access sensitive information that should be protected. This could expose encryption keys or other confidential data.

Technical detail

The weakness is classified as CWE-1240: use of a cryptographic primitive with a risky implementation, here in Windows Cryptographic Services. An authenticated local attacker can exploit it to disclose information. Exploitation requires prior system access and valid credentials, and the impact is limited to the confidentiality of cryptographic material or related secrets.

Summary generated and translated by AI from the official description.
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
