CVE-2025-21297
Published: 14 January 2025
Summary
CVE-2025-21297 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 17.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-21297 is a remote code execution vulnerability in Windows Remote Desktop Services, assigned a CVSS v3.1 base score of 8.1 with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and linked to CWE-416. The flaw affects the Remote Desktop Services component and was publicly disclosed on 14 January 2025.
An unauthenticated attacker can exploit the issue remotely over the network, albeit with high attack complexity, to achieve arbitrary code execution that impacts confidentiality, integrity, and availability without requiring user interaction or privileges.
Microsoft's Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21297 supplies official mitigation guidance and patch information for affected Windows versions.
The associated EPSS score rose from a low baseline to a recorded peak of 0.0300, indicating increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2362
Vulnerability details
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote code execution vulnerability in Windows Remote Desktop Services enables direct exploitation of the remote service without authentication.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely patching and remediation of known vulnerabilities like CVE-2025-21297 in Windows Remote Desktop Services to prevent remote code execution.
Restricts systems to least functionality by disabling or prohibiting unnecessary Remote Desktop Services, eliminating the attack surface for this RCE vulnerability.
Establishes controls and restrictions for remote access mechanisms like Remote Desktop Services, such as managed gateways or VPNs, to limit exposure to unauthenticated network-based exploitation.