CVE-2025-21369
Published: 11 February 2025
Summary
CVE-2025-21369 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and remediation of known vulnerabilities like CVE-2025-21369 through application of Microsoft patches to eliminate the heap-based buffer overflow.
Implements memory protections such as DEP and ASLR that mitigate remote code execution from heap buffer overflows and integer overflows in Digest Authentication.
Enables vulnerability scanning to identify systems affected by CVE-2025-21369, facilitating targeted patching and risk reduction.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE describes a network-accessible RCE vulnerability in Microsoft Digest Authentication (public-facing web auth service) that can be directly exploited with low privileges and no user interaction, mapping to T1190 for initial access via public-facing application.
NVD Description
Microsoft Digest Authentication Remote Code Execution Vulnerability
Deeper analysisAI
CVE-2025-21369 is a Remote Code Execution vulnerability affecting Microsoft Digest Authentication. Published on 2025-02-11, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-122 (Heap-based Buffer Overflow), CWE-190 (Integer Overflow or Wraparound), and NVD-CWE-noinfo.
The vulnerability can be exploited by an attacker with low privileges (PR:L) over the network (AV:N) using low-complexity techniques that require no user interaction (UI:N). Successful exploitation enables remote code execution with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) in an unchanged security scope (S:U).
Microsoft's Security Update Guide provides details on affected software, exploitation status, and mitigation steps, including available patches, at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21369.
Details
- CWE(s)