CVE-2025-21376
Published: 11 February 2025
Summary
CVE-2025-21376 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 18.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2025-21376 is a remote code execution flaw in the Windows Lightweight Directory Access Protocol (LDAP) component. It carries a CVSS 3.1 base score of 8.1 and is associated with weaknesses including heap-based buffer overflows, integer underflows, and race conditions.
An unauthenticated attacker can target the flaw over the network without user interaction. Successful exploitation, which requires high attack complexity, grants the ability to execute arbitrary code with full impact on confidentiality, integrity, and availability.
Microsoft has published an advisory detailing the issue and available updates through its Security Response Center. The current EPSS score of 0.0144 shows no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2439
Vulnerability details
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes an unauthenticated remote code execution vulnerability in the Windows LDAP component accessible over the network, directly mapping to exploitation of a remote service to execute arbitrary code.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the LDAP RCE vulnerability by requiring timely remediation through application of vendor-provided patches as specified in the MSRC update guide.
Identifies systems vulnerable to CVE-2025-21376 via regular vulnerability scanning for known flaws like heap buffer overflows in the Windows LDAP component.
Limits remote network exposure to the LDAP service by enforcing boundary protections such as firewalls restricting access to LDAP ports (389/TCP, 636/TCP).