CVE-2025-21207
published 2025-01-14CVE-2025-21207: Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
PriorityP335high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
2.03%
78.5th percentile
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_10_21h2 | < 10.0.19044.5371 | 10.0.19044.5371 |
| microsoft | windows_10_22h2 | < 10.0.19045.5371 | 10.0.19045.5371 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.5371 | 10.0.19044.5371 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5371 | 10.0.19045.5371 |
| microsoft | windows_11_22h2 | < 10.0.22621.4751 | 10.0.22621.4751 |
| microsoft | windows_11_23h2 | < 10.0.22631.4751 | 10.0.22631.4751 |
| microsoft | windows_11_24h2 | < 10.0.26100.2894 | 10.0.26100.2894 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4751 | 10.0.22621.4751 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4751 | 10.0.22631.4751 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4751 | 10.0.22631.4751 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2894 | 10.0.26100.2894 |
| microsoft | windows_server_2019 | < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6775 | 10.0.17763.6775 |
| microsoft | windows_server_2022 | < 10.0.20348.3091 | 10.0.20348.3091 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.3091 | 10.0.20348.3091 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1369 | 10.0.25398.1369 |
| microsoft | windows_server_2025 | < 10.0.26100.2894 | 10.0.26100.2894 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.2894 | 10.0.26100.2894 |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
vendor_msrc·2025-01-14·CVSS 7.5
CVE-2025-21207 [HIGH] CWE-400 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of availability (A:H). What does that mean for this vulnerability?
An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS).
Windows Connected Devices Platform Service: Windows Connected Devices Platform Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5050008
Reference: https://support.microsoft.com/help/5050008
Re
GHSA
GHSA-cmq9-p2jc-99cw: Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
ghsa_unreviewed·2025-01-14
CVE-2025-21207 [HIGH] CWE-400 GHSA-cmq9-p2jc-99cw: Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
No detection rules found.
No public exploits indexed.
Tenable
Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719)
blogs_tenable·2025-07-08·CVSS 7.5
[HIGH] Microsoft’s July 2025 Patch Tuesday Addresses 128 CVEs (CVE-2025-49719)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Bleepingcomputer
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
blogs_bleepingcomputer·2025-01-14·CVSS 7.8
[HIGH] Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
## Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
## Lawrence Abrams
40 Elevation of Privilege Vulnerabilities
14 Security Feature Bypass Vulnerabilities
58 Remote Code Execution Vulnerabilities
24 Information Disclosure Vulnerabilities
20 Denial of Service Vulnerabilities
5 Spoofing Vulnerabilities
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5050009 & KB5050021 cumulative updates and the Windows 10 KB5048652 cumulative update.
## Three actively exploited zero-day disclosed
This month's Patch Tuesday fixes three actively exploited and five publicly exposed zero-day vulnerabilities.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited while no offi
2025-01-14
Published