CVE-2025-21311
Published: 14 January 2025
Summary
CVE-2025-21311 is a critical-severity Incorrect Implementation of Authentication Algorithm (CWE-303) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 10.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
Windows NTLM V1 Elevation of Privilege Vulnerability CVE-2025-21311 affects the Windows implementation of the NTLM version 1 authentication protocol. The flaw carries a CVSS 3.1 score of 9.8 and is associated with CWE-303, indicating an incorrect implementation of an authentication algorithm that can be reached over the network without credentials or user interaction.
An unauthenticated attacker can exploit the vulnerability remotely to obtain elevated privileges equivalent to those of a local administrator, resulting in full compromise of confidentiality, integrity, and availability on the target system.
Microsoft’s advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21311 addresses the issue and supplies the corresponding security update. The associated EPSS score rose from lower values to a peak of 0.0684 on 2026-02-03 before receding to its current level of 0.0442, indicating a temporary increase in observed exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2376
Vulnerability details
Windows NTLM V1 Elevation of Privilege Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE is explicitly described as a remote elevation of privilege vulnerability in the Windows NTLM V1 authentication component with no privileges or user interaction required, directly mapping to exploitation of a software vulnerability for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires identification, reporting, and correction of the specific NTLM V1 elevation of privilege flaw through timely application of Microsoft patches.
Enforces baseline configuration settings to disable or restrict legacy NTLM V1 authentication, directly preventing remote exploitation.
Limits the impact of successful NTLM V1 privilege escalation by ensuring components execute with minimal privileges necessary.