Cyber Resilience

CVE-2025-21277

Severity: High

Published: 14 January 2025
Modified: 27 January 2025
KEV Added: not listed
Patch: vendor update available (see the MSRC advisory)
CVSS v3.1 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.3050 (96.8th percentile)
Risk Priority: 33 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-21277 is a high-severity Buffer Over-read (CWE-126) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 3.2% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

Microsoft Message Queuing (MSMQ) contains a denial-of-service vulnerability tracked as CVE-2025-21277. The flaw is present in the MSMQ component of affected Microsoft Windows systems and carries a CVSS 3.1 base score of 7.5, reflecting a network-accessible attack that requires no authentication or user interaction and results in high impact to availability. The associated weakness is listed under CWE-126.

An unauthenticated remote attacker can send specially crafted network messages to an MSMQ service, triggering the denial-of-service condition and disrupting message queuing operations on the target system. The attack requires only low attack complexity and can be launched over the network without any privileges.

The Microsoft Security Response Center advisory for CVE-2025-21277 is available at the published reference URL and contains official guidance on applicable updates. The EPSS score for this CVE has remained flat at 0.3050 since disclosure, indicating no material increase in observed exploitation interest.

Vulnerability details

Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
CWE(s): CWE-126 (Buffer Over-read)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct network-exploitable DoS in MSMQ maps to public-facing app exploitation and application/system exploitation for availability impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20846 (same product: Microsoft Windows 10 1607)
CVE-2025-21368 (same product: Microsoft Windows 10 1507)
CVE-2025-21389 (same product: Microsoft Windows 10 1507)
CVE-2025-21230 (same product: Microsoft Windows 10 1507)
CVE-2025-50177 (same product: Microsoft Windows 10 1507)
CVE-2025-21220 (same product: Microsoft Windows 10 1507)
CVE-2025-21285 (same product: Microsoft Windows 10 1507)
CVE-2025-21300 (same product: Microsoft Windows 10 1507)
CVE-2025-21290 (same product: Microsoft Windows 10 1507)
CVE-2025-21294 (same product: Microsoft Windows 10 1507)

Affected Assets

Microsoft Windows 10 1507: ≤ 10.0.10240.20890
Microsoft Windows 10 1607: ≤ 10.0.14393.7699
Microsoft Windows 10 1809: ≤ 10.0.17763.6775
Microsoft Windows 10 21H2: ≤ 10.0.19044.5371
Microsoft Windows 10 22H2: ≤ 10.0.19045.5371
Microsoft Windows 11 22H2: ≤ 10.0.22621.4751
Microsoft Windows 11 23H2: ≤ 10.0.22631.4751
Microsoft Windows 11 24H2: ≤ 10.0.26100.2894
Microsoft Windows Server 2008: all versions, R2
Microsoft Windows Server 2012: all versions, R2
+5 more product configurations; see NVD for the full list.

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

Prevent (flaw remediation): Requires timely remediation of flaws like CVE-2025-21277 through vendor patches, directly eliminating the MSMQ DoS vulnerability.

Prevent / Detect (SC-5, Denial-of-service Protection): Implements denial-of-service protections such as rate limiting and traffic filtering to block or limit the unauthenticated network-based MSMQ DoS attacks.

Prevent / Recover (SC-6, Resource Availability): Ensures resource availability for MSMQ by protecting against degradation from DoS exploitation through allocation controls and failover mechanisms.

References