Cyber Resilience

CVE-2025-21182

Severity: High

Published: 11 February 2025
Modified: 25 February 2025
CISA KEV: not listed
CVSS v3.1 base score: 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0014 (33.6th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-21182 is a high-severity Double Free (CWE-415) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 7.4 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS ranking places it at the 33.6th percentile of exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-21182 is an Elevation of Privilege vulnerability in the Windows Resilient File System (ReFS) Deduplication Service. It affects Windows systems that use ReFS with deduplication enabled: a double-free flaw (CWE-415) in the service can be abused by a local attacker to gain elevated privileges. The vulnerability has a CVSS v3.1 base score of 7.4 (High) with vector AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

The vector describes a local attack that requires no privileges and no user interaction but has high attack complexity. Successful exploitation yields elevated privileges, with high impact on confidentiality, integrity, and availability; the scope is unchanged, so the impact is confined to the vulnerable component's security authority.

Microsoft's Security Response Center provides an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21182, recommending the application of available security updates to mitigate the issue.

Vulnerability details

Title: Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

CWE(s): CWE-415 Double Free

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why this technique? A local EoP vulnerability in the ReFS Deduplication Service directly matches Exploitation for Privilege Escalation.

Confidence: HIGH (MITRE ATT&CK Enterprise v18.1)

CVEs Like This One

CVE-2025-21183 (same product: Microsoft Windows 11 24H2)
CVE-2026-26179 (same product: Microsoft Windows 11 24H2)
CVE-2026-32074 (same product: Microsoft Windows 11 24H2)
CVE-2026-32069 (same product: Microsoft Windows 11 24H2)
CVE-2025-21372 (same product: Microsoft Windows 11 24H2)
CVE-2025-21315 (same product: Microsoft Windows 11 24H2)
CVE-2026-21245 (same product: Microsoft Windows 11 24H2)
CVE-2025-60710 (same product: Microsoft Windows 11 24H2)
CVE-2026-20941 (same product: Microsoft Windows 11 24H2)
CVE-2026-20870 (same product: Microsoft Windows 11 24H2)

Affected Assets

Vendor    | Product             | Affected versions
Microsoft | Windows 11 24H2     | ≤ 10.0.26100.3107
Microsoft | Windows Server 2025 | ≤ 10.0.26100.3107

Mitigating Controls

NIST 800-53 r5 controls

SI-2 Flaw Remediation (prevent)
Directly remediates the specific elevation of privilege flaw in the ReFS Deduplication Service by requiring timely application of security updates as recommended by Microsoft.

AC-6 Least Privilege (prevent)
Enforces least privilege for system processes and services, limiting the potential impact and scope of successful privilege escalation from unprivileged local attackers.

Configuration hardening (prevent)
Reduces attack surface by configuring systems to disable unnecessary functionality such as ReFS deduplication when not required, preventing exploitation of the vulnerable service.