CVE-2025-21296
Published: 14 January 2025
Summary
CVE-2025-21296 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 48.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the Use After Free vulnerability in BranchCache by requiring identification, reporting, and correction of software flaws through vendor patches.
Provides comprehensive memory protections like address space randomization and non-executable memory to block exploitation of the Use After Free condition leading to RCE.
Enforces least functionality to disable or restrict unnecessary BranchCache capabilities, removing the attack surface for adjacent network exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes an unauthenticated remote code execution vulnerability in the BranchCache Windows component accessible over adjacent networks, directly mapping to exploitation of remote services for code execution.
NVD Description
BranchCache Remote Code Execution Vulnerability
Deeper analysisAI
CVE-2025-21296 is a BranchCache Remote Code Execution Vulnerability with a CVSS v3.1 base score of 7.5 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). It affects the BranchCache component in Microsoft Windows and is linked to CWE-416 (Use After Free), as indicated by NVD-CWE-noinfo. The vulnerability was published on 2025-01-14.
An attacker on an adjacent network can exploit this vulnerability without privileges or user interaction, though it requires high attack complexity. Successful exploitation enables remote code execution, resulting in high impacts to confidentiality, integrity, and availability.
The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21296 provides details on patches and mitigation guidance.
Details
- CWE(s)