CVE-2025-21358
Published: 11 February 2025
Summary
CVE-2025-21358 is a high-severity Untrusted Pointer Dereference (CWE-822) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 23.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 directly remediates the specific flaw in Windows Core Messaging by applying Microsoft's vendor-provided patch, preventing exploitation of the untrusted pointer dereference.
SI-16 implements memory protection mechanisms like ASLR and DEP that directly mitigate untrusted pointer dereference vulnerabilities by preventing reliable memory corruption exploits.
AC-6 enforces least privilege for local low-privilege accounts, limiting the initial attack surface and potential impact before elevation via the Core Messaging vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
This is a local privilege escalation vulnerability (EoP) in Windows Core Messaging allowing low-privileged attackers to elevate to full system control via untrusted pointer dereference.
NVD Description
Windows Core Messaging Elevation of Privileges Vulnerability
Deeper analysisAI
CVE-2025-21358 is a Windows Core Messaging Elevation of Privileges Vulnerability, published on 2025-02-11. It affects the Core Messaging component in Windows operating systems and is associated with CWE-822 (Untrusted Pointer Dereference) along with NVD-CWE-noinfo. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact with local access.
A local attacker with low privileges (PR:L) can exploit this vulnerability through low-complexity attacks requiring no user interaction (UI:N). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), allowing the attacker to elevate privileges, potentially gaining full system control within the unchanged security scope (S:U).
Microsoft's Security Response Center provides update guidance and mitigation details for CVE-2025-21358 at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21358.
Details
- CWE(s)