CVE-2025-21325
Published: 17 January 2025
Summary
CVE-2025-21325 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 24.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires identification, reporting, and correction of the specific flaw in Windows Secure Kernel via timely patching to prevent local elevation of privilege exploitation.
Implements a kernel reference monitor to enforce access control policies on critical resources, mitigating incorrect permission assignments exploited in this vulnerability.
Enforces least privilege for processes and users, limiting the impact and feasibility of low-privileged local attackers elevating to Secure Kernel mode.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a local privilege escalation vulnerability in Windows Secure Kernel allowing low-privileged attackers to gain elevated access with high impact on confidentiality, integrity, and availability, directly enabling T1068 Exploitation for Privilege Escalation.
NVD Description
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Deeper analysisAI
CVE-2025-21325 is a Windows Secure Kernel Mode Elevation of Privilege Vulnerability, published on 2025-01-17T01:15:31.073. It affects the Windows Secure Kernel component and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability is associated with CWE-732 (Incorrect Permission Assignment for Critical Resource) and NVD-CWE-noinfo.
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation enables elevation of privileges within the Secure Kernel mode, resulting in high impacts to confidentiality, integrity, and availability.
The Microsoft Security Response Center provides guidance on this vulnerability, including patches and mitigation details, in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21325.
Details
- CWE(s)