CVE-2025-29842

HIGH EPSS 28.9%

Published May 13, 20251y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published May 13, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.

Base Score

7.5

Exploitability

1.6

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

EPSS Exploit Probability

28.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

CWE-345

CWE-349

Vendor	Product	Version	Range
microsoft	windows_10_1507	*	<10.0.10240.21014
microsoft	windows_10_1507	*	<10.0.10240.21014
microsoft	windows_10_1607	*	<10.0.14393.8066
microsoft	windows_10_1607	*	<10.0.14393.8066
microsoft	windows_10_1809	*	<10.0.17763.7314
microsoft	windows_10_1809	*	<10.0.17763.7314
microsoft	windows_10_21h2	*	<10.0.19044.5854
microsoft	windows_10_21h2	*	<10.0.19044.5854
microsoft	windows_10_21h2	*	<10.0.19044.5854
microsoft	windows_10_22h2	*	<10.0.19045.5854
microsoft	windows_10_22h2	*	<10.0.19045.5854
microsoft	windows_10_22h2	*	<10.0.19045.5854
microsoft	windows_11_22h2	*	<10.0.22621.5335
microsoft	windows_11_22h2	*	<10.0.22621.5335
microsoft	windows_11_23h2	*	<10.0.22631.5335
microsoft	windows_11_23h2	*	<10.0.22631.5335
microsoft	windows_11_24h2	*	<10.0.26100.4061
microsoft	windows_11_24h2	*	<10.0.26100.4061
microsoft	windows_server_2016	*	<10.0.14393.8066
microsoft	windows_server_2019	*	<10.0.17763.7314
microsoft	windows_server_2022	*	<10.0.20348.3692
microsoft	windows_server_2022_23h2	*	<10.0.25398.1611
microsoft	windows_server_2025	*	<10.0.26100.4061

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29842

Vendor Advisory

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.