CVE-2025-62570
Published 2025-12-09
CVE-2025-62570: Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.
Priority P4 · 29 · medium · 5.5 · CVSS 3.1
AV:L · AC:L · PR:L · UI:N · S:U · C:H · I:N · A:N
EPSS: 0.37% (28.3th percentile)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_24h2 | < 10.0.26100.7392 | 10.0.26100.7392 |
| microsoft | windows_11_25h2 | < 10.0.26200.7392 | 10.0.26200.7392 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.7462 | 10.0.26100.7462 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.7462 | 10.0.26200.7462 |
| microsoft | windows_server_2025 | < 10.0.26100.7392 | 10.0.26100.7392 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.7462 | 10.0.26100.7462 |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_25h2_for_x64-based_systems | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance
nvd · v3.1 · 5.5 · MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_msrc · 7.1 · HIGH
GHSA
GHSA-8gxc-vgjg-vjrc: Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally
ghsa_unreviewed·2025-12-09
CVE-2025-62570 [HIGH] CWE-284 GHSA-8gxc-vgjg-vjrc: Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally
Microsoft
Windows Camera Frame Server Monitor Information Disclosure Vulnerability
vendor_msrc·2025-12-09·CVSS 7.1
CVE-2025-62570 [HIGH] CWE-284 Windows Camera Frame Server Monitor Information Disclosure Vulnerability
Description: Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.
FAQ: What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of certain kernel memory content.
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5072033
Reference: https://support.microsoft.com/help/5072033
Reference: https://catalog
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
blogs_bleepingcomputer·2025-12-09·CVSS 7.8
[HIGH] Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
## Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
## Lawrence Abrams
28 Elevation of Privilege Vulnerabilities
19 Remote Code Execution Vulnerabilities
4 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
2 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Microsoft Edge (15 flaws) and Mariner vulnerabilities fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5072033 & KB5071417 cumulative updates.
Wiz
CVE-2025-62570 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.1
CVE-2025-62570 [HIGH] CVE-2025-62570 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-62570: vulnerability analysis and mitigation
Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.
Source: NVD
Score: 5.5
Published: December 9, 2025
Severity: MEDIUM
CNA Score: 7.1
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 16.2
Exploitation Probability (EPSS): 0.1
Sources: NVD
Published: 2025-12-09