Cyber Resilience

CVE-2025-21325

HighLPE

Published: 17 January 2025

Published
17 January 2025
Modified
07 February 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0121 79.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21325 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 20.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-21325 is an elevation-of-privilege vulnerability in the Windows Secure Kernel Mode component. It carries a CVSS 3.1 base score of 7.8 and is associated with CWE-732. The flaw allows an attacker who already has local access to escalate privileges within the secure kernel environment.

An authenticated local user with low privileges can exploit the issue without user interaction. Successful exploitation grants the attacker high confidentiality, integrity, and availability impact, enabling them to obtain elevated rights that would otherwise be restricted by the secure kernel boundary.

Microsoft’s advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21325 addresses the flaw and directs administrators to apply the corresponding security update through standard Windows servicing channels.

The EPSS score remains low at 0.0121 with no material increase since disclosure, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a local privilege escalation vulnerability in Windows Secure Kernel allowing low-privileged attackers to gain elevated access with high impact on confidentiality, integrity, and availability, directly enabling T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21334Same product: Microsoft Windows 10 21H2
CVE-2025-21333Same product: Microsoft Windows 10 21H2
CVE-2025-21335Same product: Microsoft Windows 10 21H2
CVE-2025-21275Same product: Microsoft Windows 10 21H2
CVE-2025-21234Same product: Microsoft Windows 10 21H2
CVE-2025-21235Same product: Microsoft Windows 10 21H2
CVE-2025-49723Same product: Microsoft Windows 10 21H2
CVE-2025-21382Same product: Microsoft Windows 10 21H2
CVE-2025-21367Same product: Microsoft Windows 10 21H2
CVE-2025-21292Same product: Microsoft Windows 10 21H2

Affected Assets

microsoft
windows 10 21h2
≤ 10.0.19044.5371
microsoft
windows 10 22h2
≤ 10.0.19045.5371
microsoft
windows 11 22h2
≤ 10.0.22621.4751
microsoft
windows 11 23h2
≤ 10.0.22631.4751
microsoft
windows 11 24h2
≤ 10.0.26100.2894
microsoft
windows server 2025
≤ 10.0.26100.2894

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and correction of the specific flaw in Windows Secure Kernel via timely patching to prevent local elevation of privilege exploitation.

prevent

Implements a kernel reference monitor to enforce access control policies on critical resources, mitigating incorrect permission assignments exploited in this vulnerability.

prevent

Enforces least privilege for processes and users, limiting the impact and feasibility of low-privileged local attackers elevating to Secure Kernel mode.

References