CVE-2025-47979

MEDIUM

Microsoft Windows Server 2022 23h2 - Log Information Exposure

Title source: rule
STIX 2.1

Description

Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.

References (1)

Scores

CVSS v3 5.5
EPSS 0.0007
EPSS Percentile 21.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-532
Status published
Products (2)
microsoft/windows_server_2022_23h2 < 10.0.25398.1913
microsoft/windows_server_2025 < 10.0.26100.6899
Published Oct 14, 2025
Tracked Since Feb 18, 2026