CVE-2025-21275
Published: 14 January 2025
Summary
CVE-2025-21275 is a high-severity Improper Authorization (CWE-285) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 36.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations, directly addressing the improper authorization (CWE-285) in the Windows App Package Installer that enables privilege escalation.
Applies least privilege to restrict low-privileged local attackers from escalating to high-level access via the vulnerable installer.
Requires timely remediation of the specific elevation of privilege flaw in the Windows App Package Installer through patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct local EoP via improper authorization in a system component, matching Exploitation for Privilege Escalation.
NVD Description
Windows App Package Installer Elevation of Privilege Vulnerability
Deeper analysisAI
CVE-2025-21275 is an Elevation of Privilege vulnerability in the Windows App Package Installer. It stems from improper authorization (CWE-285) and affects Windows systems utilizing this component for installing app packages. The vulnerability received a CVSS v3.1 base score of 7.8 (High), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access is required, low attack complexity, low privileges needed, no user interaction, unchanged scope, and high impacts to confidentiality, integrity, and availability.
A local attacker with low-level privileges can exploit this vulnerability to elevate their privileges on the affected system. Successful exploitation allows the attacker to gain high-level access, potentially compromising sensitive data, modifying system files, or disrupting services, as reflected in the high impact ratings across confidentiality, integrity, and availability.
Microsoft has published details and mitigation guidance in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21275, which security practitioners should consult for patching instructions and workarounds. The vulnerability was published on 2025-01-14.
Details
- CWE(s)