CVE-2025-47979Log File Information Exposure in Microsoft Windows Server 2025

CWE-532Log File Information Exposure5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 78.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Windows Server 2025Microsoft Windows Server 2022 23h2
Timeline
PublishedOct 14

Description

Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDmicrosoft/windows< 10.0.25398.1913+1
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.6899

🔴Vulnerability Details

2
GHSA
GHSA-587g-jwv5-52j3: Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally2025-10-14
CVEList
Microsoft Failover Cluster Information Disclosure Vulnerability2025-10-14

📋Vendor Advisories

1
Microsoft
Microsoft Failover Cluster Information Disclosure Vulnerability2025-10-14

🕵️Threat Intelligence

1
Bleepingcomputer
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws2025-10-14
CVE-2025-47979 — Log File Information Exposure | cvebase