Cyber Resilience

CVE-2025-21360

HighLPE

Published: 14 January 2025

Published
14 January 2025
Modified
17 January 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0029 53.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21360 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft Autoupdate. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 46.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-21360 is an Elevation of Privilege vulnerability affecting Microsoft AutoUpdate (MAU). Published on January 14, 2025, it carries a CVSS v3.1 base score of 7.8 (High), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and is associated with CWE-269 (Improper Privilege Management) and NVD-CWE-noinfo.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially elevating privileges on the affected system.

The Microsoft Security Response Center (MSRC) provides details on mitigation and patches in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21360.

EU & UK References

Vulnerability details

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE describes local EoP vulnerability in Microsoft AutoUpdate allowing low-priv attacker to elevate privileges via improper privilege management, directly matching exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21287Same vendor: Microsoft
CVE-2026-21533Same vendor: Microsoft
CVE-2026-33821Same vendor: Microsoft
CVE-2025-49758Same vendor: Microsoft
CVE-2025-59247Same vendor: Microsoft
CVE-2026-21223Same vendor: Microsoft
CVE-2026-7994Same vendor: Microsoft
CVE-2026-21231Same vendor: Microsoft
CVE-2026-32091Same vendor: Microsoft
CVE-2026-25174Same vendor: Microsoft

Affected Assets

microsoft
autoupdate
≤ 4.76

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least privilege for processes like Microsoft AutoUpdate, directly countering the improper privilege management (CWE-269) that enables local low-privileged attackers to elevate privileges.

prevent

Requires timely remediation of flaws such as CVE-2025-21360 through patching, as recommended by MSRC, preventing exploitation of the elevation of privilege vulnerability.

prevent

Mandates enforcement of access control policies to block unauthorized privilege escalation by local low-privileged users exploiting Microsoft AutoUpdate.

References