CVE-2025-29829
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2Tags
Description
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
Analysis
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as Use of Uninitialized Resource (CWE-908), which allows attackers to access uninitialized memory causing crashes or information disclosure. Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. Affected products include: Microsoft Windows 10 1507, Microsoft Windows 10 1607, Microsoft Windows 10 1809, Microsoft Windows 10 21H2, Microsoft Windows 10 22H2.
Affected Products
Microsoft Windows 10 1507, Microsoft Windows 10 1607, Microsoft Windows 10 1809, Microsoft Windows 10 21H2, Microsoft Windows 10 22H2.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Initialize all variables, use compiler warnings for uninitialized access, use memory-safe languages.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today