CVE-2025-21325
Published: 17 January 2025
Summary
CVE-2025-21325 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 20.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-21325 is an elevation-of-privilege vulnerability in the Windows Secure Kernel Mode component. It carries a CVSS 3.1 base score of 7.8 and is associated with CWE-732. The flaw allows an attacker who already has local access to escalate privileges within the secure kernel environment.
An authenticated local user with low privileges can exploit the issue without user interaction. Successful exploitation grants the attacker high confidentiality, integrity, and availability impact, enabling them to obtain elevated rights that would otherwise be restricted by the secure kernel boundary.
Microsoft’s advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21325 addresses the flaw and directs administrators to apply the corresponding security update through standard Windows servicing channels.
The EPSS score remains low at 0.0121 with no material increase since disclosure, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2390
Vulnerability details
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a local privilege escalation vulnerability in Windows Secure Kernel allowing low-privileged attackers to gain elevated access with high impact on confidentiality, integrity, and availability, directly enabling T1068 Exploitation for Privilege Escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires identification, reporting, and correction of the specific flaw in Windows Secure Kernel via timely patching to prevent local elevation of privilege exploitation.
Implements a kernel reference monitor to enforce access control policies on critical resources, mitigating incorrect permission assignments exploited in this vulnerability.
Enforces least privilege for processes and users, limiting the impact and feasibility of low-privileged local attackers elevating to Secure Kernel mode.