CVE-2025-21272: Windows COM Server Information Disclosure Vulnerability

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could get unauthorized access to sensitive user data outside of the AppContainer execution environment.