CVE-2025-21378
Published: 14 January 2025
Summary
CVE-2025-21378 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 1507. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 35.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely patching of the heap-based buffer overflow vulnerability in the Windows CSC Service to prevent local privilege escalation.
Employs memory protection methods like ASLR and DEP to mitigate exploitation of the heap-based buffer overflow in the CSC Service.
Enforces least privilege on the CSC Service and related processes to limit the potential impact and scope of privilege escalation from a low-privileged attacker.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local privilege escalation via heap-based buffer overflow in Windows CSC Service enabling SYSTEM access from low-privileged context.
NVD Description
Windows CSC Service Elevation of Privilege Vulnerability
Deeper analysisAI
CVE-2025-21378 is an Elevation of Privilege vulnerability in the Windows CSC (Client-Side Caching) Service. It carries a CVSS v3.1 base score of 7.8, with a vector of AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and is associated with CWE-122 (Heap-based Buffer Overflow) or related issues per NVD-CWE-noinfo. The vulnerability affects Windows operating systems where the CSC Service is present, allowing improper handling that leads to privilege escalation.
A low-privileged local attacker can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation enables the attacker to elevate privileges, potentially gaining high-impact control over confidentiality, integrity, and availability of the system, such as achieving SYSTEM-level access from a standard user context.
Microsoft's security advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21378 provides details on patches and mitigation guidance for this vulnerability, published on 2025-01-14. Security practitioners should consult the update guide for applicable fixes across supported Windows versions.
Details
- CWE(s)