{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97796?format=json","vulnerability_id":"VCID-zuu7-wf7t-v3fn","summary":"Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.","aliases":[{"alias":"CVE-2025-49689"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49689","reference_id":"CVE-2025-49689","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-09T04:01:52Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49689"}],"weaknesses":[{"cwe_id":125,"name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."},{"cwe_id":190,"name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control."},{"cwe_id":822,"name":"Untrusted Pointer Dereference","description":"The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer."}],"exploits":[],"severity_range_score":"7.8 - 7.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zuu7-wf7t-v3fn"}