Cyber Posture

CVE-2025-21370

High

Published: 14 January 2025

Published
14 January 2025
Modified
17 January 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0059 69.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21370 is a high-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 30.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses the CWE-20 improper input validation flaw in the VBS Enclave by requiring validation of inputs to prevent local privilege escalation.

SI-2 Flaw Remediation good match
prevent

Ensures timely flaw remediation through patching of the specific CVE-2025-21370 vulnerability in Windows VBS Enclave as provided by Microsoft updates.

AC-6 Least Privilege partial match
prevent

Enforces least privilege to restrict the actions a low-privilege local attacker can perform prior to attempting exploitation of the VBS Enclave vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Direct EoP vulnerability in VBS Enclave component allowing local low-privileged attackers to elevate privileges via improper input validation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Deeper analysisAI

CVE-2025-21370 is a Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability. It affects the VBS Enclave component in Windows systems that utilize virtualization-based security features. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-20 (Improper Input Validation), as indicated by NVD-CWE-noinfo. It was published on 2025-01-14.

A local attacker with low privileges can exploit this vulnerability through low-complexity techniques requiring no user interaction. Successful exploitation enables elevation of privileges, resulting in high impacts to confidentiality, integrity, and availability within the affected scope.

Microsoft's Security Response Center provides an update guide for mitigation details at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21370.

Details

CWE(s)
CWE-20NVD-CWE-noinfo

Affected Products

microsoft
windows 11 22h2
≤ 10.0.22621.4751
microsoft
windows 11 23h2
≤ 10.0.22631.4751
microsoft
windows 11 24h2
≤ 10.0.26100.2894

CVEs Like This One

CVE-2025-24994Same product: Microsoft Windows 11 22H2
CVE-2025-21235Same product: Microsoft Windows 11 22H2
CVE-2025-21234Same product: Microsoft Windows 11 22H2
CVE-2026-26170Same product: Microsoft Windows 11 23H2
CVE-2025-24076Same product: Microsoft Windows 11 22H2
CVE-2025-21325Same product: Microsoft Windows 11 22H2
CVE-2025-24084Same product: Microsoft Windows 11 22H2
CVE-2026-32168Same vendor: Microsoft
CVE-2026-20967Same vendor: Microsoft
CVE-2026-20938Same product: Microsoft Windows 11 23H2

References