Cyber Resilience

CVE-2025-21343

High

Published: 14 January 2025

Published
14 January 2025
Modified
21 January 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0539 90.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21343 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 9.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-21343 is an information disclosure vulnerability affecting the Windows Web Threat Defense User Service. The flaw carries a CVSS 3.1 base score of 7.5 and is associated with CWE-269, indicating improper privilege management that can expose sensitive data over the network without requiring authentication or user interaction.

An unauthenticated remote attacker can exploit the issue to obtain high-value confidentiality data from the affected service. The attack vector is rated as network-accessible with low complexity, allowing an adversary to read information that should otherwise remain protected.

Microsoft’s advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21343 provides official guidance on available patches and mitigation steps for the affected Windows components.

The EPSS score for this CVE rose from a low baseline to a recorded peak of 0.0988 before settling at the current value of 0.0539, indicating emerging exploitation interest after public disclosure.

EU & UK References

Vulnerability details

Windows Web Threat Defense User Service Information Disclosure Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

The remote unauthenticated info disclosure in the Windows service directly facilitates collection of sensitive data from the local system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24994Same product: Microsoft Windows 11 22H2
CVE-2025-21370Same product: Microsoft Windows 11 22H2
CVE-2025-33054Same product: Microsoft Windows 11 22H2
CVE-2025-24984Same product: Microsoft Windows 11 22H2
CVE-2025-21287Same product: Microsoft Windows 11 22H2
CVE-2025-24991Same product: Microsoft Windows 11 22H2
CVE-2026-34336Same product: Microsoft Windows 11 23H2
CVE-2026-21533Same product: Microsoft Windows 11 23H2
CVE-2025-24076Same product: Microsoft Windows 11 22H2
CVE-2025-21325Same product: Microsoft Windows 11 22H2

Affected Assets

microsoft
windows 11 22h2
≤ 10.0.22621.4751
microsoft
windows 11 23h2
≤ 10.0.22631.4751
microsoft
windows 11 24h2
≤ 10.0.26100.2894

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through applying the Microsoft patch directly eliminates the information disclosure vulnerability in the Windows Web Threat Defense User Service.

prevent

Least privilege enforcement addresses the root cause of CWE-269 improper privilege management, preventing the service from disclosing sensitive information to unauthenticated remote attackers.

prevent

Access enforcement ensures the service authorizes and restricts logical access to sensitive information, blocking unauthorized remote disclosure.

References