CVE-2025-21391

HIGH CISA KEV EPSS 79.8%

Published Feb 11, 20251y ago · Modified Jun 17, 20261w ago

7.1 CVSS 3.1

High

Published Feb 11, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

KEV Listed Feb 11, 2025 1y ago

KEV Due Mar 4, 2025 483d overdue

Description

Windows Storage Elevation of Privilege Vulnerability

Base Score

7.1

Exploitability

1.8

Impact

5.2

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality None

Integrity High

Availability High

CISA Known Exploited Overdue 483d

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability

79.8% percentile

Exploit & Patch Status

Actively Exploited (KEV)

Patch Available

CWE-59

Vendor	Product	Version	Range
microsoft	windows_10_1507	*	<10.0.10240.20915
microsoft	windows_10_1507	*	<10.0.10240.20915
microsoft	windows_10_1607	*	<10.0.14393.7785
microsoft	windows_10_1607	*	<10.0.14393.7785
microsoft	windows_10_1809	*	<10.0.17763.6893
microsoft	windows_10_1809	*	<10.0.17763.6893
microsoft	windows_10_21h2	*	<10.0.19044.5487
microsoft	windows_10_22h2	*	<10.0.19045.5487
microsoft	windows_11_22h2	*	<10.0.22621.4890
microsoft	windows_11_23h2	*	<10.0.22631.4890
microsoft	windows_11_24h2	*	<10.0.26100.3107
microsoft	windows_server_2016	*	<10.0.14393.7785
microsoft	windows_server_2019	*	<10.0.17763.6893
microsoft	windows_server_2022	*	<10.0.20348.3148
microsoft	windows_server_2022_23h2	*	<10.0.25398.1425
microsoft	windows_server_2025	*	<10.0.26100.3107

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391

PatchVendor Advisory
cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21391

US Government Resource

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391

PatchVendor Advisory