CVE-2025-21382
Published: 14 January 2025
Summary
CVE-2025-21382 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 15.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability CVE-2025-21382 is an elevation of privilege flaw in the Windows Graphics Component, carrying a CVSS score of 7.8 under the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and associated with CWEs including CWE-122 and CWE-190.
An attacker with local access and low privileges can exploit the issue without user interaction to achieve high impact on confidentiality, integrity, and availability, enabling privilege escalation on the affected Windows system.
Microsoft has published an advisory for the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21382. The EPSS score remains flat at a peak and current value of 0.0228 with no material rise observed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2445
Vulnerability details
Windows Graphics Component Elevation of Privilege Vulnerability
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
This is a local elevation of privilege vulnerability (heap buffer overflow) in Windows Graphics Component allowing low-privileged attackers to gain higher privileges, directly enabling T1068: Exploitation for Privilege Escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the heap-based buffer overflow and integer overflow vulnerability by requiring timely remediation through application of Microsoft's patches.
Implements memory protection mechanisms such as ASLR, DEP, and stack canaries that defend against exploitation of buffer and integer overflows in the Windows Graphics Component.
Enforces least privilege to limit the initial access scope of low-privilege local attackers, reducing the potential impact of successful privilege escalation.