Cyber Resilience

CVE-2025-21379

High

Published: 11 February 2025

Published
11 February 2025
Modified
14 February 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0122 79.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21379 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 11 24H2. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 20.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-21379 is a remote code execution vulnerability in the DHCP Client Service, carrying a CVSS 3.1 base score of 7.1. The flaw is associated with CWE-416 (use after free) and affects the DHCP client component on supported Windows systems.

An attacker positioned on the same local network segment can trigger the vulnerability without authentication, though successful exploitation requires high attack complexity and user interaction. If successful, the attacker can execute arbitrary code with the privileges of the affected service, resulting in high impact to confidentiality, integrity, and availability.

The official Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21379 supplies mitigation guidance and patch availability details for affected versions. The associated EPSS score remains low, with a current value of 0.0122 and a peak of 0.0126.

EU & UK References

Vulnerability details

DHCP Client Service Remote Code Execution Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

The CVE describes a remote code execution vulnerability in the DHCP Client Service (a client application), directly enabling Exploitation for Client Execution via crafted network responses.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-49724Same product: Microsoft Windows 11 24H2
CVE-2026-20854Same product: Microsoft Windows 11 24H2
CVE-2025-21372Same product: Microsoft Windows 11 24H2
CVE-2025-21315Same product: Microsoft Windows 11 24H2
CVE-2026-20870Same product: Microsoft Windows 11 24H2
CVE-2026-20859Same product: Microsoft Windows 11 24H2
CVE-2026-32157Same product: Microsoft Windows 11 24H2
CVE-2025-50165Same product: Microsoft Windows 11 24H2
CVE-2025-24077Same vendor: Microsoft
CVE-2026-25167Same product: Microsoft Windows 11 24H2

Affected Assets

microsoft
windows 11 24h2
≤ 10.0.26100.3194 · ≤ 10.0.26100.3194
microsoft
windows server 2025
≤ 10.0.26100.3194

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through patching directly eliminates the remote code execution vulnerability in the DHCP Client Service.

prevent

Memory protection mechanisms prevent successful exploitation of the use-after-free (CWE-416) flaw in the DHCP Client Service.

prevent

Boundary protection via network segmentation limits the adjacent network access (AV:A) required to deliver the malicious DHCP response.

References