Cyber Posture

CVE-2025-21182

Severity: High
Published: 11 February 2025
Modified: 25 February 2025
KEV Added: not listed
Patch: available (see the Microsoft Security Response Center update guide below)
CVSS Score: 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (33.4th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-21182 is a high-severity Double Free (CWE-415) vulnerability in the Windows Resilient File System (ReFS) Deduplication Service, affecting Microsoft Windows 11 24H2 and Windows Server 2025. Its CVSS v3.1 base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 33.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly remediates the elevation of privilege flaw in the ReFS Deduplication Service by requiring timely application of the security updates Microsoft has released.

AC-6 Least Privilege (prevent)
Enforces least privilege for system processes and services, limiting the impact and scope of a successful privilege escalation by an unprivileged local attacker.

Attack surface reduction (prevent)
Reduces attack surface by disabling ReFS deduplication on systems that do not require it, so the vulnerable service is not exposed to local users in the first place. This is a workaround, not a substitute for the update.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why this technique?
A local elevation of privilege vulnerability in the ReFS Deduplication Service maps directly to Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability

Deeper analysis

CVE-2025-21182 is an Elevation of Privilege vulnerability in the Windows Resilient File System (ReFS) Deduplication Service. It affects Windows 11 24H2 and Windows Server 2025 systems that use ReFS with deduplication enabled; a flaw in the service (a double free, CWE-415) can be abused to escalate privileges. The vulnerability carries a CVSS v3.1 base score of 7.4 (High) with vector AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

The attack vector is local (AV:L) and no privileges (PR:N) or user interaction (UI:N) are required, but attack complexity is high (AC:H), meaning successful exploitation depends on conditions outside the attacker's control. Successful exploitation grants elevated privileges, with high impact on confidentiality, integrity, and availability; scope is unchanged (S:U), so the impact is confined to the vulnerable component's own security authority.

Microsoft's Security Response Center provides an update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21182 and recommends applying the available security updates to remediate the issue.

Details

CWE(s)
CWE-415 Double Free

Affected Products
Microsoft Windows 11 24H2, versions ≤ 10.0.26100.3107
Microsoft Windows Server 2025, versions ≤ 10.0.26100.3107
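The following PowerShell is an added example, not code from the Cyber Posture page, Microsoft, or NVD. It turns the two operational points above into one check: whether a host is still in the affected build range listed under Affected Products, and whether any ReFS volume actually has deduplication enabled (the precondition named in the deeper analysis and the target of the attack-surface-reduction control). Assumptions not taken from the page: the affected range is interpreted as build 26100 with update build revision (UBR) ≤ 3107, read from the CurrentVersion registry key; the ReFSDedup cmdlets (Get-ReFSDedupStatus, Disable-ReFSDedup) ship with Windows Server 2025 and may be absent on client SKUs, so their presence is checked at runtime; and Get-ReFSDedupStatus is assumed to fail on a volume where dedup is not enabled. Run it elevated.

```powershell
# Added example (not from the Cyber Posture page, Microsoft, or NVD).
# Reports whether this host is in the affected build range for CVE-2025-21182
# and whether any ReFS volume has deduplication enabled; optionally disables
# dedup on unpatched hosts as a workaround until the update is applied.
# Assumptions: affected range "10.0.26100.x, x <= 3107" comes from the page's
# product list; the ReFSDedup cmdlets exist on Windows Server 2025 and may be
# missing elsewhere, so we probe for them rather than assume them.

function Test-Cve202521182Exposure {
    [CmdletBinding()]
    param(
        # Disable deduplication on ReFS volumes when the host is still unpatched.
        [switch]$DisableDedupIfUnpatched
    )

    $affectedBuild   = 26100   # Windows 11 24H2 and Windows Server 2025 share this build
    $lastAffectedUbr = 3107    # highest affected update build revision on the page

    # CurrentBuildNumber + UBR together give the "10.0.26100.NNNN" form used on the page.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR
    $inAffectedRange = ($build -eq $affectedBuild) -and ($ubr -le $lastAffectedUbr)

    # Only ReFS volumes matter; the dedup cmdlets take a volume path such as "D:".
    $refsVolumes = Get-Volume |
        Where-Object { $_.FileSystemType -eq 'ReFS' -and $_.DriveLetter }

    # Assumption: the ReFSDedup module is present on Server 2025, possibly not on client SKUs.
    $dedupCmdAvailable = [bool](Get-Command Get-ReFSDedupStatus -ErrorAction SilentlyContinue)

    $volumeReports = foreach ($vol in $refsVolumes) {
        $path = "$($vol.DriveLetter):"
        $dedupEnabled = $null   # stays unknown when the cmdlet is not available
        if ($dedupCmdAvailable) {
            # Assumption: Get-ReFSDedupStatus errors out when dedup is not enabled on the volume.
            $status = Get-ReFSDedupStatus -Volume $path -ErrorAction SilentlyContinue
            $dedupEnabled = [bool]$status
            if ($dedupEnabled -and $inAffectedRange -and $DisableDedupIfUnpatched) {
                Disable-ReFSDedup -Volume $path
                Write-Warning "Disabled ReFS deduplication on $path until the host is patched."
            }
        }
        [pscustomobject]@{ Volume = $path; DedupEnabled = $dedupEnabled }
    }

    $dedupVolumes = @($volumeReports | Where-Object { $_.DedupEnabled })

    [pscustomobject]@{
        OsBuild               = "10.0.$build.$ubr"
        InAffectedRange       = $inAffectedRange
        DedupCmdletsAvailable = $dedupCmdAvailable
        RefsVolumes           = @($volumeReports)
        # Exposure needs both an unpatched build and a dedup-enabled ReFS volume.
        # If DedupCmdletsAvailable is $false the dedup half of the check did not run.
        Exposed               = $inAffectedRange -and ($dedupVolumes.Count -gt 0)
    }
}

# Report-only by default; add -DisableDedupIfUnpatched to apply the workaround.
Test-Cve202521182Exposure | Format-List
```

A host that reports InAffectedRange = $true but has no ReFS volumes, or no dedup-enabled ones, is still unpatched and should receive the update; the dedup check only tells you whether the vulnerable service is reachable today. Treat DedupCmdletsAvailable = $false as "unknown", not "safe", and verify volume configuration by other means on such hosts.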

CVEs Like This One

CVE-2025-21183 (same product: Microsoft Windows 11 24H2)
CVE-2026-26179 (same product: Microsoft Windows 11 24H2)
CVE-2026-32074 (same product: Microsoft Windows 11 24H2)
CVE-2026-32069 (same product: Microsoft Windows 11 24H2)
CVE-2025-60710 (same product: Microsoft Windows 11 24H2)
CVE-2026-20941 (same product: Microsoft Windows 11 24H2)
CVE-2025-21372 (same product: Microsoft Windows 11 24H2)
CVE-2026-20859 (same product: Microsoft Windows 11 24H2)
CVE-2026-20870 (same product: Microsoft Windows 11 24H2)
CVE-2026-20832 (same product: Microsoft Windows 11 24H2)

References

Microsoft Security Response Center, CVE-2025-21182 update guide: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21182