CVE-2025-21343
Published: 14 January 2025
Summary
CVE-2025-21343 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 9.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-21343 is an information disclosure vulnerability affecting the Windows Web Threat Defense User Service. The flaw carries a CVSS 3.1 base score of 7.5 and is associated with CWE-269, indicating improper privilege management that can expose sensitive data over the network without requiring authentication or user interaction.
An unauthenticated remote attacker can exploit the issue to obtain high-value confidentiality data from the affected service. The attack vector is rated as network-accessible with low complexity, allowing an adversary to read information that should otherwise remain protected.
Microsoft’s advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21343 provides official guidance on available patches and mitigation steps for the affected Windows components.
The EPSS score for this CVE rose from a low baseline to a recorded peak of 0.0988 before settling at the current value of 0.0539, indicating emerging exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2408
Vulnerability details
Windows Web Threat Defense User Service Information Disclosure Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The remote unauthenticated info disclosure in the Windows service directly facilitates collection of sensitive data from the local system.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through applying the Microsoft patch directly eliminates the information disclosure vulnerability in the Windows Web Threat Defense User Service.
Least privilege enforcement addresses the root cause of CWE-269 improper privilege management, preventing the service from disclosing sensitive information to unauthenticated remote attackers.
Access enforcement ensures the service authorizes and restricts logical access to sensitive information, blocking unauthorized remote disclosure.