CVE-2025-21359
Published: 11 February 2025
Summary
CVE-2025-21359 is a high-severity Improper Access Control (CWE-284) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 31.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-21359 is a Windows Kernel Security Feature Bypass Vulnerability, published on 2025-02-11T18:15:34.743. It affects the Windows Kernel component and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability is associated with CWE-284 and NVD-CWE-noinfo.
A local attacker with low privileges (PR:L) can exploit this vulnerability through a low-complexity attack (AC:L) that requires no user interaction (UI:N). Successful exploitation enables the attacker to bypass kernel security features, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U).
The Microsoft Security Response Center advisory provides details on mitigation and patches at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21359.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2422
Vulnerability details
Windows Kernel Security Feature Bypass Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
This Windows Kernel security feature bypass vulnerability allows a local low-privileged attacker to bypass kernel protections and achieve high impact on confidentiality, integrity, and availability, directly enabling exploitation for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the Windows Kernel security feature bypass by requiring identification, reporting, and timely remediation of system flaws through vendor patches.
Implements a reference monitor in the kernel to mediate all access attempts and enforce security policies, directly countering bypass vulnerabilities like this one.
Enforces least privilege for low-privilege local users, limiting the attack surface and potential impact of kernel security feature bypasses.