CVE-2025-29808 - Vulnerability Details - OpenCVE

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00029.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Windows Server 2022

Configuration 1 [-]

cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-10123	Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29808

History

Thu, 10 Jul 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microsoft Microsoft windows Server 2022
CPEs		cpe:2.3:o:microsoft:windows_server_2022::::::::
Vendors & Products		Microsoft Microsoft windows Server 2022

Tue, 08 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 08 Apr 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
Title		Windows Cryptographic Services Information Disclosure Vulnerability
Weaknesses		CWE-1240
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29808
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2025-04-08T17:24:16.441Z

Updated: 2025-06-04T17:53:30.050Z

Reserved: 2025-03-11T18:19:40.248Z

Link: CVE-2025-29808

Vulnrichment

Updated: 2025-04-08T18:37:05.106Z

NVD

Status : Analyzed

Published: 2025-04-08T18:16:06.483

Modified: 2025-07-10T14:28:50.177

Link: CVE-2025-29808

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-29808", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-03-11T18:19:40.248Z", "datePublished": "2025-04-08T17:24:16.441Z", "dateUpdated": "2025-06-04T17:53:30.050Z"}, "containers": {"cna": {"title": "Windows Cryptographic Services Information Disclosure Vulnerability", "datePublic": "2025-04-08T07:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.20348.0", "versionEndExcluding": "10.0.20348.3453"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2022", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.20348.0", "lessThan": "10.0.20348.3453", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation", "lang": "en-US", "type": "CWE", "cweId": "CWE-1240"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-06-04T17:53:30.050Z"}, "references": [{"name": "Windows Cryptographic Services Information Disclosure Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29808"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T18:37:00.407215Z", "id": "CVE-2025-29808", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T18:37:13.415Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-29808", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T18:37:00.407215Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T18:37:05.106Z"}}], "cna": {"title": "Windows Cryptographic Services Information Disclosure Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2022", "versions": [{"status": "affected", "version": "10.0.20348.0", "lessThan": "10.0.20348.3453", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2025-04-08T07:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29808", "name": "Windows Cryptographic Services Information Disclosure Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-1240", "description": "CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.20348.3453", "versionStartIncluding": "10.0.20348.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-06-04T17:53:30.050Z"}}}, "cveMetadata": {"cveId": "CVE-2025-29808", "state": "PUBLISHED", "dateUpdated": "2025-06-04T17:53:30.050Z", "dateReserved": "2025-03-11T18:19:40.248Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2025-04-08T17:24:16.441Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}