CVE-2025-21360
Published: 14 January 2025
Summary
CVE-2025-21360 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Microsoft AutoUpdate (MAU), the updater Microsoft ships with its macOS applications. Its CVSS base score is 7.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 44.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-6 (Least Privilege): enforces least privilege for processes such as Microsoft AutoUpdate, directly countering the improper privilege management (CWE-269) that lets a local, low-privileged attacker elevate privileges.
- SI-2 (Flaw Remediation): requires timely remediation of flaws such as CVE-2025-21360 through patching, as recommended by MSRC, so the elevation of privilege vulnerability is removed before it can be exploited.
- AC-3 (Access Enforcement): mandates enforcement of access control policies that block unauthorized privilege escalation by local low-privileged users exploiting Microsoft AutoUpdate.
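A check a practitioner would run for the patching control above, as an added example that is not part of this page or of Microsoft's own tooling: it reads the installed MAU version from the app bundle's Info.plist and compares it numerically against a minimum fixed version. The bundle path and the CFBundleShortVersionString key are assumed from the standard macOS layout; the fixed version for CVE-2025-21360 is not stated on this page and must be taken from the MSRC advisory, so it is passed in as an argument. The embedded sample plist is constructed so the check runs offline.

```python
"""Check the installed Microsoft AutoUpdate (MAU) version against a minimum
fixed version. Added example, not Microsoft tooling. Assumed: MAU lives at the
standard macOS bundle path and records its version in CFBundleShortVersionString;
the minimum fixed version for CVE-2025-21360 is an input (take it from MSRC)."""
import plistlib
import sys
from pathlib import Path

# Assumed standard install location of the MAU bundle on macOS.
MAU_INFO_PLIST = Path("/Library/Application Support/Microsoft/MAU2.0/"
                      "Microsoft AutoUpdate.app/Contents/Info.plist")

# Constructed sample Info.plist (not a real MAU file) so the check runs offline.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.microsoft.autoupdate2</string>
  <key>CFBundleShortVersionString</key>
  <string>4.75</string>
</dict>
</plist>
"""


def parse_version(text: str) -> tuple:
    """'4.76.25010901' -> (4, 76, 25010901). Rejects anything non-numeric so a
    malformed or tampered value raises instead of silently comparing as patched."""
    try:
        return tuple(int(p) for p in text.strip().split("."))
    except ValueError as exc:
        raise ValueError(f"unparseable version string {text!r}") from exc


def is_patched(installed: str, minimum_fixed: str) -> bool:
    """Numeric, zero-padded comparison: '4.76' == '4.76.0' and '4.76.1' > '4.76'.
    A plain string comparison would wrongly rank '4.9' above '4.10'."""
    a, b = parse_version(installed), parse_version(minimum_fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) >= b + (0,) * (n - len(b))


def installed_mau_version(plist_bytes: bytes) -> str:
    """Read CFBundleShortVersionString from raw Info.plist bytes (XML or binary)."""
    return str(plistlib.loads(plist_bytes)["CFBundleShortVersionString"])


def check(minimum_fixed: str, plist_bytes: bytes) -> dict:
    """Compare the version found in the given plist bytes against the fixed one."""
    installed = installed_mau_version(plist_bytes)
    return {"installed": installed, "minimum_fixed": minimum_fixed,
            "patched": is_patched(installed, minimum_fixed)}


def check_host(minimum_fixed: str, plist_path: Path = MAU_INFO_PLIST) -> dict:
    """Check the real bundle on this host; a missing plist means MAU is not installed."""
    if not plist_path.is_file():
        return {"installed": None, "minimum_fixed": minimum_fixed, "patched": None}
    return check(minimum_fixed, plist_path.read_bytes())


if __name__ == "__main__":
    # Usage: python3 mau_check.py <minimum-fixed-version-from-MSRC>
    if len(sys.argv) != 2:
        sys.exit("usage: mau_check.py MIN_FIXED_VERSION")
    print(check_host(sys.argv[1]))
```

Run it with the fixed version from the MSRC entry as the only argument; a result of `"patched": None` means no MAU bundle was found at the assumed path, which is worth confirming manually rather than treating as safe.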
MITRE ATT&CK Enterprise Techniques
- T1068 (Exploitation for Privilege Escalation)
Why these techniques?
The CVE describes a local elevation of privilege vulnerability in Microsoft AutoUpdate that lets a low-privileged attacker gain higher privileges through improper privilege management, which matches Exploitation for Privilege Escalation directly.
NVD Description
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Deeper analysis
CVE-2025-21360 is an Elevation of Privilege vulnerability in Microsoft AutoUpdate (MAU). Published on January 14, 2025, it carries a CVSS v3.1 base score of 7.8 (High) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. It is classified as CWE-269 (Improper Privilege Management); NVD additionally records NVD-CWE-noinfo, its placeholder for an unspecified weakness type.
Reading the vector: the attacker must already have local access (AV:L) and a low-privileged account (PR:L), but needs no user interaction (UI:N) and faces low attack complexity (AC:L). Scope is unchanged (S:U), so the vulnerable and impacted components share one security authority, the local host; confidentiality, integrity, and availability impacts are all High, meaning successful exploitation elevates the attacker's privileges on the affected system.
The Microsoft Security Response Center (MSRC) provides details on mitigation and patches in its update guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21360.
Details
- CWE(s): CWE-269 (Improper Privilege Management); NVD-CWE-noinfo