Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-50154Sensitive Information Exposure in Microsoft Windows 10 Version 1507

CWE-200Sensitive Information ExposureCWE-416Use After Free6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
15.1%
top 5.40%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
27
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+24 more
Timeline
PublishedAug 12
Latest updateAug 18

Description

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages26 packages

NVDmicrosoft/windows< 10.0.14393.8330+5
NVDmicrosoft/windows_10_1507< 10.0.10240.21100
NVDmicrosoft/windows_10_1607< 10.0.14393.8330
NVDmicrosoft/windows_10_1809< 10.0.17763.7678
NVDmicrosoft/windows_10_21h2< 10.0.19044.6216

🔴Vulnerability Details

2
GHSA
GHSA-45m9-mh54-jw4w: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network2025-08-12
CVEList
Microsoft Windows File Explorer Spoofing Vulnerability2025-08-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure2025-08-18

📋Vendor Advisories

2
Microsoft
Microsoft Windows File Explorer Spoofing Vulnerability2025-08-12
Microsoft
tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().2024-11-12
CVE-2025-50154 — Sensitive Information Exposure | cvebase