Cyber Resilience

CVE-2025-21382

High

Published: 14 January 2025

Published
14 January 2025
Modified
17 January 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0228 85.0th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21382 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 15.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2025-21382 is an elevation of privilege flaw in the Windows Graphics Component, carrying a CVSS score of 7.8 under the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and associated with CWEs including CWE-122 and CWE-190.

An attacker with local access and low privileges can exploit the issue without user interaction to achieve high impact on confidentiality, integrity, and availability, enabling privilege escalation on the affected Windows system.

Microsoft has published an advisory for the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21382. The EPSS score remains flat at a peak and current value of 0.0228 with no material rise observed.

EU & UK References

Vulnerability details

Windows Graphics Component Elevation of Privilege Vulnerability

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

This is a local elevation of privilege vulnerability (heap buffer overflow) in Windows Graphics Component allowing low-privileged attackers to gain higher privileges, directly enabling T1068: Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20864Same product: Microsoft Windows 10 1809
CVE-2025-24067Same product: Microsoft Windows 10 1809
CVE-2025-24995Same product: Microsoft Windows 10 1809
CVE-2025-49723Same product: Microsoft Windows 10 1809
CVE-2025-24050Same product: Microsoft Windows 10 1809
CVE-2025-21367Same product: Microsoft Windows 10 1809
CVE-2025-21292Same product: Microsoft Windows 10 1809
CVE-2025-21378Same product: Microsoft Windows 10 1809
CVE-2025-21418Same product: Microsoft Windows 10 1809
CVE-2025-21333Same product: Microsoft Windows 10 21H2

Affected Assets

microsoft
windows 10 1809
≤ 10.0.17763.6775 · ≤ 10.0.17763.6775
microsoft
windows 10 21h2
≤ 10.0.19044.5371
microsoft
windows 10 22h2
≤ 10.0.19045.5371
microsoft
windows 11 22h2
≤ 10.0.22621.4751
microsoft
windows 11 23h2
≤ 10.0.22631.4751
microsoft
windows 11 24h2
≤ 10.0.26100.2894
microsoft
windows server 2019
≤ 10.0.17763.6775
microsoft
windows server 2022
≤ 10.0.20348.3091
microsoft
windows server 2022 23h2
≤ 10.0.25398.1369
microsoft
windows server 2025
≤ 10.0.26100.2894

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the heap-based buffer overflow and integer overflow vulnerability by requiring timely remediation through application of Microsoft's patches.

prevent

Implements memory protection mechanisms such as ASLR, DEP, and stack canaries that defend against exploitation of buffer and integer overflows in the Windows Graphics Component.

prevent

Enforces least privilege to limit the initial access scope of low-privilege local attackers, reducing the potential impact of successful privilege escalation.

References