CVE-2025-21343

High

Published: 14 January 2025

Published

14 January 2025

Modified

21 January 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0539 90.2th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21343 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 9.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Timely flaw remediation through applying the Microsoft patch directly eliminates the information disclosure vulnerability in the Windows Web Threat Defense User Service.

AC-6 Least Privilege good match

prevent

Least privilege enforcement addresses the root cause of CWE-269 improper privilege management, preventing the service from disclosing sensitive information to unauthenticated remote attackers.

AC-3 Access Enforcement good match

prevent

Access enforcement ensures the service authorizes and restricts logical access to sensitive information, blocking unauthorized remote disclosure.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

Why these techniques?

The remote unauthenticated info disclosure in the Windows service directly facilitates collection of sensitive data from the local system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Windows Web Threat Defense User Service Information Disclosure Vulnerability

Deeper analysisAI

CVE-2025-21343 is an information disclosure vulnerability in the Windows Web Threat Defense User Service. Published on 2025-01-14, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-269 (Improper Privilege Management) and NVD-CWE-noinfo.

The vulnerability allows a remote unauthenticated attacker to exploit the service over the network with low attack complexity and no user interaction required. Successful exploitation results in high-impact disclosure of sensitive information, with no impact on integrity or availability.

Microsoft's advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21343 provides details on mitigation and available patches.

Details

CWE(s): CWE-269 NVD-CWE-noinfo

Affected Products

microsoft

windows 11 22h2

≤ 10.0.22621.4751

microsoft

windows 11 23h2

≤ 10.0.22631.4751

microsoft

windows 11 24h2

≤ 10.0.26100.2894

CVEs Like This One

CVE-2025-21370Same product: Microsoft Windows 11 22H2

CVE-2025-24994Same product: Microsoft Windows 11 22H2

CVE-2025-33054Same product: Microsoft Windows 11 22H2

CVE-2025-24984Same product: Microsoft Windows 11 22H2

CVE-2025-21287Same product: Microsoft Windows 11 22H2

CVE-2025-24991Same product: Microsoft Windows 11 22H2

CVE-2026-21533Same product: Microsoft Windows 11 23H2

CVE-2025-24076Same product: Microsoft Windows 11 22H2

CVE-2025-21325Same product: Microsoft Windows 11 22H2

CVE-2025-49758Same vendor: Microsoft

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21343
Patch, Vendor Advisory · secure@microsoft.com