CVE-2025-50154

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-50154
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154 Vendor Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-50154-detection-script-zero-click-windows-file-explorer-spoofing-vulnerability Exploit Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-50154-mitigation-script-zero-click-windows-file-explorer-spoofing-vulnerability Exploit Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
History

26 Sep 2025, 13:09

Type Values Removed Values Added
References () https://www.vicarius.io/vsociety/posts/cve-2025-50154-detection-script-zero-click-windows-file-explorer-spoofing-vulnerability - () https://www.vicarius.io/vsociety/posts/cve-2025-50154-detection-script-zero-click-windows-file-explorer-spoofing-vulnerability - Exploit, Third Party Advisory
References () https://www.vicarius.io/vsociety/posts/cve-2025-50154-mitigation-script-zero-click-windows-file-explorer-spoofing-vulnerability - () https://www.vicarius.io/vsociety/posts/cve-2025-50154-mitigation-script-zero-click-windows-file-explorer-spoofing-vulnerability - Exploit, Mitigation, Third Party Advisory

17 Sep 2025, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 6.5

15 Sep 2025, 18:15

Type Values Removed Values Added
References
  • () https://www.vicarius.io/vsociety/posts/cve-2025-50154-detection-script-zero-click-windows-file-explorer-spoofing-vulnerability -
  • () https://www.vicarius.io/vsociety/posts/cve-2025-50154-mitigation-script-zero-click-windows-file-explorer-spoofing-vulnerability -

14 Aug 2025, 17:14

Type Values Removed Values Added
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50154 - Vendor Advisory
CPE cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
First Time Microsoft windows Server 2022
Microsoft windows 11 24h2
Microsoft windows 10 21h2
Microsoft windows 10 22h2
Microsoft
Microsoft windows 10 1607
Microsoft windows 11 22h2
Microsoft windows Server 2019
Microsoft windows Server 2022 23h2
Microsoft windows 10 1507
Microsoft windows Server 2016
Microsoft windows Server 2012
Microsoft windows 11 23h2
Microsoft windows 10 1809
Microsoft windows Server 2025
Microsoft windows Server 2008

13 Aug 2025, 17:34

Type Values Removed Values Added
Summary
  • (es) La exposición de información confidencial a un actor no autorizado en el Explorador de archivos de Windows permite que un atacante no autorizado realice suplantación de identidad a través de una red.

12 Aug 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-12 18:15

Updated : 2025-09-26 13:09

NVD link : CVE-2025-50154

Mitre link : CVE-2025-50154

CVE.ORG link : CVE-2025-50154

JSON object : View

Products Affected

microsoft

  • windows_server_2008
  • windows_10_1607
  • windows_11_23h2
  • windows_10_1809
  • windows_10_21h2
  • windows_11_22h2
  • windows_11_24h2
  • windows_10_1507
  • windows_server_2016
  • windows_server_2025
  • windows_server_2012
  • windows_server_2022
  • windows_server_2019
  • windows_10_22h2
  • windows_server_2022_23h2
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor