CVE-2025-21379
Published: 11 February 2025
Summary
CVE-2025-21379 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 20.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-21379 is a remote code execution vulnerability in the DHCP Client Service, carrying a CVSS 3.1 base score of 7.1. The flaw is associated with CWE-416 (use after free) and affects the DHCP client component on supported Windows systems.
An attacker positioned on the same local network segment can trigger the vulnerability without authentication, though successful exploitation requires high attack complexity and user interaction. If successful, the attacker can execute arbitrary code with the privileges of the affected service, resulting in high impact to confidentiality, integrity, and availability.
The official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21379 supplies mitigation guidance and patch availability details for affected versions. The associated EPSS score remains low, with a current value of 0.0122 and a peak of 0.0126.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2442
Vulnerability details
DHCP Client Service Remote Code Execution Vulnerability
- CWE(s): CWE-416 (Use After Free)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote code execution vulnerability in the DHCP Client Service (a client application), directly enabling Exploitation for Client Execution via crafted network responses.
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation through patching directly eliminates the remote code execution vulnerability in the DHCP Client Service.
Memory protection mechanisms prevent successful exploitation of the use-after-free (CWE-416) flaw in the DHCP Client Service.
Boundary protection via network segmentation limits the adjacent network access (AV:A) required to deliver the malicious DHCP response.