CVE-2025-21235
Published: 14 January 2025
Summary
CVE-2025-21235 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 40.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-21235 is an Elevation of Privilege vulnerability in the Windows PrintWorkflowUserSvc component. Published on 2025-01-14, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-20 (Improper Input Validation) along with NVD-CWE-noinfo.
The vulnerability can be exploited by a local attacker who already has low-privilege access to the system. Exploitation requires low complexity and no user interaction, allowing the attacker to gain high-impact control over confidentiality, integrity, and availability, typically resulting in full administrative or SYSTEM-level privileges on the affected Windows system.
Microsoft's Security Response Center provides an update guide for mitigation and patching details at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21235.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2302
Vulnerability details
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local EoP vulnerability in Windows service directly enables exploitation for privilege escalation from low-priv to SYSTEM.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the CVE by requiring timely identification, reporting, and remediation of the improper input validation flaw in PrintWorkflowUserSvc.
Addresses the root cause CWE-20 by enforcing comprehensive information input validation mechanisms at entry points exploited in PrintWorkflowUserSvc.
Enforces least privilege to restrict the scope of privileges attainable through local elevation in PrintWorkflowUserSvc even if exploited.