CVE-2025-21309
Published: 14 January 2025
Summary
CVE-2025-21309 is a high-severity Sensitive Data Storage in Improperly Locked Memory (CWE-591) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 14.5% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-17 (Remote Access).
Deeper analysis
Windows Remote Desktop Services contains a remote code execution vulnerability tracked as CVE-2025-21309. The flaw affects the Remote Desktop Services component in Windows and carries a CVSS 3.1 base score of 8.1 with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network-reachable code execution with high impact on confidentiality, integrity, and availability.
An unauthenticated attacker can exploit the issue over the network without user interaction, although the attack complexity is rated high. Successful exploitation grants the ability to execute arbitrary code with the privileges of the Remote Desktop Services process, potentially leading to full system compromise.
The single reference points to the Microsoft Security Response Center advisory page for CVE-2025-21309, which is the authoritative source for patch availability and mitigation guidance. The associated EPSS score remains low, moving only from 0.0243 to a peak of 0.0253 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2374
Vulnerability details
Windows Remote Desktop Services Remote Code Execution Vulnerability
- CWE(s): CWE-591 Sensitive Data Storage in Improperly Locked Memory
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This CVE enables unauthenticated network RCE in Windows Remote Desktop Services, which maps directly to Exploit Public-Facing Application (T1190) and Exploitation of Remote Services (T1210) for initial access or lateral movement.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly addresses the RCE vulnerability by requiring timely remediation through application of vendor patches for Windows Remote Desktop Services.
- SC-7 (Boundary Protection): Provides boundary protection that restricts network access to the vulnerable RDS ports, limiting opportunities for remote exploitation.
- AC-17 (Remote Access): Controls and monitors remote access to RDS services, reducing unauthorized exposure and enabling detection of anomalous connections.