Cyber Resilience

CVE-2025-21224

High

Published: 14 January 2025

Modified: 29 May 2025
KEV Added
Patch
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0068 (72.1th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-21224 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 27.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-7 (Boundary Protection).

Deeper analysis

The vulnerability CVE-2025-21224 affects the Windows Line Printer Daemon (LPD) Service and is classified as a remote code execution issue with associated weaknesses including use-after-free (CWE-416) and CWE-591. It carries a CVSS 3.1 score of 8.1 reflecting network attack vector, high complexity, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can target the LPD service over the network to execute arbitrary code, potentially leading to complete system compromise without any local access or user assistance, though successful exploitation requires overcoming the noted high attack complexity.

Microsoft's advisory at msrc.microsoft.com details the issue and available updates, while additional resources provide scripts for detection and mitigation of the affected LPD service on Windows systems.

The EPSS score shows a material rise from an initial low of 0.0068 to a peak of 0.0134, indicating that exploitation interest emerged after disclosure and that the CVE warrants renewed attention.

Vulnerability details

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 · Exploitation of Remote Services · Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

Direct unauthenticated RCE in the network-exposed Windows LPD service maps to both techniques: exploitation of a public-facing application and exploitation of a remote service for code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40415 · Same product: Microsoft Windows 10 21H2
CVE-2025-24035 · Same product: Microsoft Windows 10 21H2
CVE-2025-21334 · Same product: Microsoft Windows 10 21H2
CVE-2025-21335 · Same product: Microsoft Windows 10 21H2
CVE-2025-21367 · Same product: Microsoft Windows 10 21H2
CVE-2025-49724 · Same product: Microsoft Windows 10 21H2
CVE-2025-47981 · Same product: Microsoft Windows 10 21H2
CVE-2025-21294 · Same product: Microsoft Windows 10 21H2
CVE-2025-21295 · Same product: Microsoft Windows 10 21H2
CVE-2025-21296 · Same product: Microsoft Windows 10 21H2

Affected Assets

Vendor · Product · Affected versions
microsoft · windows 10 21h2 · ≤ 10.0.19044.5371
microsoft · windows 10 22h2 · ≤ 10.0.19045.5371
microsoft · windows 11 22h2 · ≤ 10.0.22621.4751
microsoft · windows 11 23h2 · ≤ 10.0.22631.4751
microsoft · windows 11 24h2 · ≤ 10.0.26100.2894
microsoft · windows server 2022 · ≤ 10.0.20348.3091
microsoft · windows server 2022 23h2 · ≤ 10.0.25398.1369
microsoft · windows server 2025 · ≤ 10.0.26100.2894

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent · SI-2 mandates timely flaw remediation, directly addressing the Use After Free vulnerability in Windows LPD service via Microsoft patches.

Prevent · CM-7 enforces least functionality by disabling the unnecessary LPD service, eliminating the remote code execution attack surface.

Prevent · SC-7 provides boundary protection to block inbound network traffic to LPD service port 515, preventing unauthenticated remote exploitation.
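
An added example (not from this page's sources or from Microsoft) that audits the local host against the three controls above: build revision versus the Affected Assets list, LPD service state, and TCP 515 exposure. It assumes the LPD service is registered under the name LPDSVC; the function name Get-LpdExposure is hypothetical.

```powershell
# Added example: audit the local host for LPD exposure (SI-2, CM-7, SC-7).
# Assumption: the LPD service is registered as 'LPDSVC'.
function Get-LpdExposure {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'LPDSVC',  # assumed service name
        [int]$Port = 515                  # LPD port named on this page
    )

    # Highest affected revision per build, copied from "Affected Assets".
    $affectedMax = @{
        19044 = 5371; 19045 = 5371; 22621 = 4751; 22631 = 4751
        26100 = 2894; 20348 = 3091; 25398 = 1369
    }

    # SI-2: compare the running build.revision with the table above.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR
    $inAffectedRange = if ($affectedMax.ContainsKey($build)) { $ubr -le $affectedMax[$build] } else { $null }

    # CM-7: is the service present, and is it running?
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

    # SC-7 (host side): is anything accepting connections on the port?
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)

    # Enabled inbound block rules that name the port exactly
    # (rules written as port ranges or 'Any' are not matched here).
    $blockRules = @(Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            ($f.Protocol -eq 'TCP') -and ($f.LocalPort -contains "$Port")
        })

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Build            = "$build.$ubr"
        InAffectedRange  = $inAffectedRange   # $null = build not in the page's list
        ServiceInstalled = [bool]$svc
        ServiceStatus    = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        PortListening    = $listeners.Count -gt 0
        InboundBlockRule = $blockRules.Count -gt 0
    }
}

Get-LpdExposure | Format-List
```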
